1.1 What Is Security?

To have a meaningful discussion of security in Windows Server 2003, we should first establish what security is. A dictionary definition might refer to security as "measures adopted to provide safety." For the purposes of this book, that definition will work very well.

Computer security is not normally defined as a state of safety. Rather, it is defined as the collection of protective measures (including technology-based and non-technology-based measures) that provide a defined level of safety. When security is mentioned throughout the book, you should keep this definition in mind. Security is neither a single protective measure nor a complete protection against all attacks. It is a set of measures that provide the desired level of protection.

Many readers may say, "I want complete security for my data against all attacks. Tell me how to do that." The only solution that provides complete security is to put that data on a hard drive, incinerate the drive until it is completely turned to vapor, and then randomly mix the hard drive vapor with outside air until it has completely dissipated. Anything less is a compromise of security in the interest of another business factor such as usability or cost. The need for such compromises is a common theme throughout all computer security topics and is discussed in every chapter of this book.