Chapter 2. Basics of Computer Security

Computer security is becoming more and more important to Windows administrators. This trend is a result of several conditions in today's world, including the increase of computer competence among evildoers, the worldwide terror threat that was clearly illustrated on September 11, 2001, and the proliferation of computers and the Internet. Many companies are retraining their IT staffs to be more security-aware. Threat modeling in the data center has become commonplace. There are even vendor-independent security certifications, such as Certified Information Systems Security Professional (CISSP), which have become widely known and sought after. But before the security of your Windows Server 2003 computers can be addressed, you need to understand some of the basic concepts and terms of computer security. In this chapter, I'll introduce you to computer security fundamentals such as encryption and show you the difference between technology-based security and administration-based security. I'll also discuss other fundamental concepts like password strength and the idea of authorization versus authentication. If you are new to computer security or would like a refresher of the concepts and terms that will be used in the rest of the book, this chapter is for you.