Computer security is a lot more complicated than just making your users change their passwords every so often. Computer security involves powerful cryptography, a variety of security mechanisms, and principles designed to prevent security breaches. But computer security does not stand alone. It requires strong administrative security policies that define security within your organization and policies that protect data even after it leaves the computers.
All companies need to have a written security policy that describes what resources require protection. Such a policy must come from company management, not from network administrators. Several characteristics of a good policy were shown in this chapter.
The encryption technologies used within Windows Server 2003 (hashing, shared secret encryption, and public key encryption) are important to understand. These technologies play a key role in Windows authentication, the Encrypting File System, and other security technologies. You'll see them come up again and again in the following chapters.
Strong passwords are extremely important in all environments. Attackers use many techniques to compromise passwords. But there are ways that you can help users (and other administrators!) create memorable, strong passwords on your network.
In the next chapters, I'll build on the basics that I covered here. You'll find that encryption plays a strong role throughout Windows Server 2003, for example. Also, much of the rest of this book focuses on how to implement security, meaning you should already have a written policy that tells you what needs to be secured.