The initial Microsoft Windows NT developers had the chance to realize a completely new operating system. This gave them the opportunity to integrate several security options that they did not have to take into account previously. As the most recent successor with many extensions and improvements, Windows Server 2003 also benefits from this heritage. As a result, Windows Server 2003 includes many modern security concepts. Even though these concepts often exceed expectations, they do not limit the use of standard applications. Understanding the Windows security system is an important factor in properly configuring a terminal server environment. This is especially true for an environment in which users work with applications that are critical for the company.
What exactly is security? Here, security means preventing people from any unauthorized access to a networked computer system and protecting the computer from both intentional and unintentional damages. This includes both local access and access via the network. An attacker or a negligent user normally changes or deletes data in a way that is not permitted on the target system by either modifying data directly or by changing it via an inserted program. Obviously, security in this chapter does not mean mirroring hard drives or regular data backups.
A number of mechanisms help ensure secure terminal server operation:
User identification, authentication Registered users must have an individual account and log on securely by providing a password. Alternatively, they can identify themselves with certificates (for example, on smart cards). All subsequent user action will then be linked to the logon information provided.
Authorization, access control A special system component controls which users have access to what data. This includes the file system, registry database, logical drives, and printers. The system uses access control lists (ACLs) to manage the access to each data object. Each data object has an owner who created the object and who can modify the ACL unrestrictedly.
Encryption Encryption options involve both local data and data streams flowing through the connected network. The relevant encryption algorithms ensure that all information is kept confidential and remains intact (integrity).
User permissions and administration To keep the system running, a number of administrative tasks must be performed. For this reason, a group of users (administrators) exists that has privileged system access. All other users have restricted permissions so that they cannot modify system settings.
Monitoring using a system protocol Users and administrators can make mistakes, even with the best intentions. A system instance logs many predefined activities to allow administrators to monitor the entire system and to conduct subsequent analyses. To detect and trace attacks by members of the administrator group, these audits should be conducted by others (internal auditors). Monitoring makes little sense if administrators can remove the traces of their forbidden actions from the system protocol.