A "Domain" in internet standards is the legal and registered name of a network.
It can be a closed network or an open network such as a web site. All
connections go through either the registered name or the IP address.
The answer is...
Well, let's consider the different reasons you would want to increase the security of your network.
- You want to keep your data yours.
- You don't want just anyone on your network to access all the files stored on the server.
- You want to share your color printer with only a few users; the other users can use the community printer.
- You have a set of files for a project and you want to only share those with the project team.
A server doesn't give you much in the way of security unless you create a special type of Domain.
A server will only serve up files and accommodate printers unless you create one.
What is Active Directory?
An Active Directory or Windows NT Domain is a list of processes and rules that have to be followed to access the resources supplied by the Domain Controller.
Active Directory has the following qualities:
- Single Log On
- Log on requires a unique User ID and a Password
- User account will be locked after three failed attempts (wrong password)
- User password strength can be set for complexity
- Resources allocated to User ID security level
The steps you need to create an Active Directory are:
- Setup a Server with a Server Operating System
- Load the Server with the prerequisite services
- Create the Domain
- Create the User IDs and apply the security to the IDs
- Create a group for each type of shared resource, add individual IDs to the share
- Using a group, share the resources for the network
A computer that is not on a secure network, such as one with Windows Active Directory, is an easy target for a thief. A person with a limited amount of knowledge could access your computer with a few minutes of uninterrupted time. Then your data is compromised.
Whereas a computer on a secured network such as a Windows Active Directory would deter most thieves unless they have access to the network with a User ID and Password.
With Windows Active Directory the network administrator can set policies that
enforce password and user security by setting standards for how many
characters the user ID needs to be, how many characters the password needs to be,
how complex the password must be to keep it from being guessed, and how often the
password needs to be changed.
The Windows Active Directory password policy can also be set to lock the user
ID after so many failed attempts. The "Best Practice" setting is three failed
attempts, after which an administrator with rights is required to unlock and/or
reset the user ID or password.
Another aspect of a Windows Active Directory is the control of resources by
using "Groups" and membership in the Group. By giving the Group access to only
the resource needed by its members, and limiting the members to only the user
IDs that need the resource, the security of that resource is enhanced. No user
ID and password, no access to the network. No membership in the resource Group, no
access to the resource. This limits who can access what resource and will
further deter a thief.
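As an added example (not part of the original page), the password policy and Group steps described above could be scripted in PowerShell on a domain-joined Windows file server once the domain exists. The user jdoe, the group ProjectX-Files, the path D:\Shares\ProjectX and the length and age values are assumptions chosen for illustration.

```powershell
# Added example: assumes an existing domain, the ActiveDirectory (RSAT) module,
# and that this runs as a domain admin on the file server hosting the share.
# jdoe, ProjectX-Files, D:\Shares\ProjectX and the numeric values are hypothetical.
Import-Module ActiveDirectory
$domain = Get-ADDomain

# Domain-wide password rules plus lockout after three failed attempts.
$policy = @{
    Identity          = $domain.DNSRoot
    MinPasswordLength = 12                          # assumed value
    ComplexityEnabled = $true
    MaxPasswordAge    = (New-TimeSpan -Days 90)     # assumed value
    LockoutThreshold  = 3
}
Set-ADDefaultDomainPasswordPolicy @policy
# To keep a locked ID locked until an administrator acts, set
# "Account lockout duration" to 0 in the domain's Group Policy lockout settings.

# A user ID that must choose its own password at first logon.
$user = @{
    Name                  = 'Jane Doe'
    SamAccountName        = 'jdoe'
    AccountPassword       = (Read-Host -AsSecureString 'Initial password for jdoe')
    Enabled               = $true
    ChangePasswordAtLogon = $true
}
New-ADUser @user

# One security group per shared resource; membership decides who gets in.
New-ADGroup -Name 'ProjectX-Files' -GroupScope Global -GroupCategory Security
Add-ADGroupMember -Identity 'ProjectX-Files' -Members 'jdoe'

$path  = 'D:\Shares\ProjectX'
$group = "$($domain.NetBIOSName)\ProjectX-Files"
New-Item -ItemType Directory -Path $path -Force | Out-Null
New-SmbShare -Name 'ProjectX' -Path $path -ChangeAccess $group

# Share permissions alone are not enough: remove inherited NTFS entries as well,
# leaving only the project group, local Administrators and SYSTEM.
icacls $path /inheritance:r /grant "${group}:(OI)(CI)M" 'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F'

# Review the result, and list any IDs currently locked out.
Get-ADDefaultDomainPasswordPolicy | Select-Object MinPasswordLength, ComplexityEnabled, LockoutThreshold
Get-SmbShareAccess -Name 'ProjectX'
Search-ADAccount -LockedOut | Select-Object SamAccountName
# An administrator clears a lockout with: Unlock-ADAccount -Identity jdoe
```

Account policy set in a domain-linked Group Policy Object is written to the same domain settings, so keep the GPO and the values above in agreement.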
This Windows Active Directory increases the security of a network by 1000%
just by enforcing the user ID and password policies.
Are there ways around this security?
Sure, but with the Group Policy settings that come with Windows Active
Directory you can make it harder and more tedious for a thief to gain access to
your network. If you make it hard enough, the thief will go somewhere else where
the security is not as strong.
Why do you need a hardware firewall to go along with your new Active Directory?