20 DIFFERENCES BETWEEN ORACLE ON WINDOWS NT AND ORACLE ON UNIX
==============================================================
1. AVAILABILITY
Windows NT has been existence since 1993. It runs on two processor
architectures: Intel X86 (needs Pentium) and Digital Alpha AXP.
The Windows NT operating system is only available from Microsoft.
UNIX has been in existence since 1972: previous versions did exist,
but they were written in PDP assembly language, rather than C. UNIX
runs on most hardware architectures and versions are supplied by
many vendors, most notably Sun, HP, IBM, Digital, Sequent, Data
General, NCR and SCO.
2. SECURITY
Windows NT 3.5 has been evaluated successfully at U.S. Department
of Defense C2 security level (TCSEC class C2 rating). A utility on
the Windows NT Resource kit, C2 Configuration/Security Manager,
reports the state of compliance of the relevant features, such as
whether the last username is displayed at logon.
As of 2000.07.25 NT 4.0 does not have a TCSEC class C2 rating.
For Microsoft's own statement about this, see:
http://www.microsoft.com/NTServer/secur ... curity.asp
Some specialised UNIX variants support the B1 level of security.
3. USER INTERFACE
Windows NT has a common graphical user interface across architecture
types. The interface changed between NT 3.51 and NT 4.0 from
Windows 3.11 style to Windows 95/98 style.
Many UNIX versions have an X-Windows type of user interface, the
appearance varying between flavours. Linux in particular offers a
number of GUI interfaces, including Windows look-alikes. However,
most UNIX commands are still character mode terminal based.
4. NUMBER OF DISK DRIVES
Windows NT is limited to using drive letters A-Z, though use of raw
partitions can allow disks to be divided up into smaller sections (see
question 17).
UNIX has no built-in limitation on number of disk drives.
5. BACKGROUND PROCESSING AND BATCH JOBS
NT only has the AT command. An easier-to-use GUI version may be found
on the Resource Kit.
UNIX has more sophisticated job control mechanisms.
6. RECOMPILATION
NT applications only require recompiling if moved to a
different architecture, e.g. Intel to Alpha.
UNIX applications require recompiling if moved to a different
platform, e.g. HP to IBM RS/6000. They also need recompiling
for different UNIX releases on the same platform.
7. SCALABILITY
Standard Windows NT currently scales effectively to four CPUs, though
some manufacturers have recently announced eight-way systems.
UNIX scales to at least 64 CPUs.
8. NUMBER OF SESSIONS
Windows NT supports only a single interactive GUI session, unless
Microsoft Terminal Server, RAS or a third-party tool is used.
UNIX supports hundreds of interactive GUI or character mode
sessions.
9. APPLICATION AVAILABILITY
Several thousand applications are available specifically for Windows NT.
It can also run many of the thousands of 16-bit Windows applications.
Third-party products allow some UNIX applications to be run, though the
greatest interest is the other way, enabling Windows NT applications to
run under UNIX variants, especially Linux. Some public domain software
is available for Windows NT.
There are many thousands of UNIX applications on the market. A large
amount of public domain software is also available. Emulation software,
available for many flavours of UNIX, allows many 16-bit Windows
applications to be run.
10. FILESYSTEM TYPES AND CAPABILITIES
Windows NT supports two filesystems - FAT and NTFS. Oracle software and
datafiles can be installed on either type, with the following provisos:
Security
- FAT filesystem has no file-level security
- Once a user is connected to the NT server, they have full access
to any FAT file (i.e. they can delete or overwrite the file)
- NTFS filesystem has file-level security
Once a user is connected to an NT server, they must then have
access to a file to be able to access it.
NT files can only have a single name (unless using POSIX).
Files on UNIX can have multiple names via hard or soft links.
11. CLUSTERING
Windows NT clustering has only become available relatively recently.
Most of the major hardware vendors support it. Two Oracle products for
Windows NT clusters are Oracle Parallel Server and Oracle Fail Safe.
The latter is for two-node clusters, where an instance can only run on
one node at a given time.
UNIX clustering has been in existence for several years. Oracle Parallel
Server has been available on UNIX since early Oracle7 releases. Oracle
Fail Safe is not available for UNIX.
12. PROCESSES AND THREADS
Each Oracle background "process" (e.g. LGWR, DBWR, ARCH, etc.), and each
dedicated server "process" is a thread of the master ORACLE process on
Windows NT. The multi-threaded architecture is very efficient on Windows
NT, permitting fast, low-overhead context switches due to all threads
sharing resources of the master process.
With Oracle7 and 8.0.x on Windows NT, most Oracle executables and hence
processes had a two-digit version number appended to the name, to allow
multiple versions to be installed into the single ORACLE_HOME. With the
introduction of multiple ORACLE_HOMEs on NT in release 8.0.4, this was
no longer necessary, and as of 8.1.5 the UNIX style of using just the
name has been adopted.
With multiple Oracle instances running on Windows NT, there will be
one ORACLE process per instance, each with multiple component threads.
Each Oracle background process exists as a separate process on
UNIX.
13. THE MULTI-THREADED SERVER (MTS)
Despite Oracle's inherently multi-threaded architecture on NT
(see previous point), the multi-threaded server option of the
RDBMS was not part of the Oracle7 port on Windows NT. Thus, each
client connection was a dedicated connection, with each connected
session getting a dedicated server thread within the ORACLE7x process.
However, Oracle8 on Windows NT fully supports MTS.
UNIX Oracle7 ports have supported MTS since early Oracle7 releases.
14. SERVICES AND DAEMONS
NT Services are similar to UNIX daemons, permitting a program to
run independent of a user logon session.
Oracle registers each instance as a service to allow them to be
started independent of a user logging on (e.g. instance started on
machine boot). By default, services run as the SYSTEM user in NT.
SYSTEM is not a user which can create a logon session - it is
specifically for running system-orientated services. Oracle server
processes on UNIX keep running even if no interactive users are
logged on.
15. SETTING ORACLE_HOME
Oracle on Windows NT utilises variables in the registry similarly to
the way Oracle on UNIX utilises shell environment variables.
ORACLE_HOME and ORACLE_SID are variables defined in the NT Registry.
The Oracle Installer and Oracle Instance Manager define variables in
the Registry as well as registering the Oracle instance as a service.
The Registry can be edited manually via the REGEDT32 utility, to change
the values of variables, but this should be undertaken with care.
Release 8.0.4 of Oracle was the first release on Windows NT that
allowed support for more than one Oracle home. This was a large
step forward in providing comparable installation capabilities to
Oracle on UNIX. If using release 8.0.4 or higher, the Oracle Home
Selector utility, not the ORACLE_HOME environment variable, should
be used to specify the setting of Oracle home.
Oracle on UNIX requires ORACLE_HOME and ORACLE_SID to be set in system
or user login scripts. UNIX has always supported multiple ORACLE_HOMEs.
16. PERFORMANCE MONITORING
Oracle on Windows NT is integrated with the NT Event Viewer and
Performance Monitor utilities.
The Event Viewer utility is how an NT administrator views system
alert messages on NT. Oracle has integrated with Event Viewer such
that Oracle startup/shutdown messages and the OS audit trail (if
you configure OS auditing in Oracle) appear there. Performance
Monitor is the NT equivalent of the UNIX sar or vmstat command,
providing detailed resource utilisation data for all processes
running on the system.
Oracle has integrated with Performance Monitor such that you can
view utilisation of operating system and Oracle resources (e.g. file
write bytes per second - only those related to Oracle, library cache
hit ratios, etc.). The Oracle Performance Monitor entry in the
Start Menu > Programs > Oracle for Windows NT starts the standard
NT Performance Monitor utility but feeds it Oracle-specific data.
Although multiple instances of Oracle can be run on Windows NT, the
NT Performance Monitor and Event Viewer utilities can only "see" one
Oracle instance at a time. For details of how to edit the relevant
registry variables, see Note 46875.1 or the Getting Started Guide
for Oracle on Windows NT.
Oracle on UNIX provides no performance utilities for use at operating
system level. Utilities such as sar or vmstat must be used to monitor
Oracle background or shadow processes. These do not provide a graphical
interface. More sophisticated third-party tools are available on UNIX.
17. RAW PARTITIONS
Windows NT supports raw (unbuffered) disk partitions, where Oracle can
store data, log or control files. Each raw partition can be assigned a
drive letter, but will not be formatted with a filesystem.
Similarly to UNIX, each raw NT partition will be mapped to a single
Oracle data, log or control file. Where NT differs from UNIX is
the naming convention for these files. When referencing a raw
partition in any Oracle SQL command, the syntax looks like this:
DATAFILE '\\.\f:' SIZE 49M REUSE
where f: is the drive letter assigned to the raw partition, referred to
here as a logical raw file. Windows NT and Oracle also support physical
raw files, with device names of the form:
\\.\PhysicalDriveN
where N is the number of the physical drive, as seen in Disk Administrator.
Physical raw files would need to be used on a system with more drives than
available drive letters for the desired number of raw partitions.
The OCOPY utility can be used to copy data to and from raw partitions,
in a similar way to the UNIX dd command. Backup of a raw partition must
be to a filesystem. The NT Backup utility can then be used to copy the
backup to tape as required.
On both Windows NT and UNIX, raw partitions must be used for the shared
data files in a Parallel Server environment, where special Oracle
utilities are provided for manipulating them.
18. CONNECT INTERNAL
A password is required to CONNECT INTERNAL for Oracle on Windows NT.
The database password is defined during installation and by default
is stored in a hidden password file called "PWD<SID>.ora" in the
DATABASE directory under "ORACLE_HOME".
There is a Windows NT equivalent to the UNIX dba group. The NT username
used to install Oracle8i Enterprise Edition is automatically added to a
Windows NT local group called ORA_DBA, which receives SYSDBA privilege.
This obviates the need for a password when issuing commands such as
CONNECT INTERNAL and CONNECT / AS SYSDBA. On the same principle, an
ORA_OPER group can be created for database operators, and finer-grained
security is possible by use of the "ORA_<SID>_DBA" and "ORA_<SID>_OPER"
groups.
19. HOT BACKUPS
Oracle on Windows NT supports hot backups using the same backup
strategy as it on UNIX, i.e. put the tablespaces into backup mode and
copy the files to the backup location. Then bring the tablespaces out
of backup mode. By definition, this can all be done while the database
is up and in use (though it is best to choose a quiet time, when there
are few transactions).
The Windows NT feature to be aware of is that NT Backup does not allow
files in use to be copied, so you must use the OCOPY utility that
Oracle provides to copy the open database files to another disk location.
Since OCOPY cannot copy files directly to tape, you will then need to use
NT Backup or a similar utility to copy the files to tape, as required.
20. RELINKING
Oracle on Windows NT is supplied as a set of executables and dynamic link
libraries (DLLs). Relinking by the user is not possible on Windows NT, but
executable images can be modified using the ORASTACK utility, to change
the size of the stack used by the threads of the Oracle server process.
This can be useful to avoid running out of virtual memory when using a
very large SGA, or with thousands of connections. It is recommended that
this tool should be used under the guidance of Oracle Support.
On UNIX, object files and archive libraries are linked to generate the
Oracle executables, and relinking is necessary after operations such as
installation of a patch or Net8 protocol adapter.
20 DIFFERENCES BETWEEN ORACLE ON WINDOWS NT AND OR
-
ahmadbilal
- Posts: 615
- Joined: Mon Sep 18, 2006 1:32 am
- Location: United Arab Emirates
- Contact:
Thanks for your all sharings. Keep it up....
Seems the following link is not working,
http://www.microsoft.com/NTServer/secur ... curity.asp
Seems the following link is not working,
http://www.microsoft.com/NTServer/secur ... curity.asp
-
ahmadbilal
- Posts: 615
- Joined: Mon Sep 18, 2006 1:32 am
- Location: United Arab Emirates
- Contact:
Security Management and Operations
Abstract
The need to connect and collaborate with partners, suppliers, customers, and employees anytime and anywhere has increased the complexity of managing network and systems security. Organizations are faced with the difficult and time-consuming task of securing and managing network systems, and keeping their desktops and servers up-to-date?all of this in the face of constrained resources and the uncertainty as to whether systems are, in fact, secure. Organizations want easy and efficient ways to maintain network security, manage updates, and, at the same time, reduce total costs for security management. With a number of Microsoft tools and technologies, including those integrated in Windows 2000 Server, the Microsoft Baseline Security Analyzer (MBSA), Microsoft Operations Manager (MOM), Software Update Services (SUS), and System Management Server, IT administrators can more effectively manage the security of their Windows environments.
On This Page
Introduction
Challenges in Security Management and Operations
Solutions for Security Management and Operations
Conclusion
Introduction
Enterprises are competing globally to provide access to information, to enhance productivity, and to deliver services quickly?all at the lowest possible cost. The ability to communicate and collaborate with partners, suppliers, customers, and employees anytime and anywhere is now a requirement. Gone are the days when only a selected group of people had network access to business applications and data.
The advent and acceptance of new computing technologies and the Internet have changed the way information is stored, accessed, and shared. Companies have implemented a more open and distributed information model resulting in benefits that include:
? Increased Employee Productivity: Enables employees to be flexible, make better decisions, and respond quickly to the changing demands of the marketplace by providing secure access to the information they need anywhere at anytime.
? Lower Cost: Decreases costs and increases efficiency by safely leveraging the power of collaboration and network connectivity.
? Integrated Business Processes: Increases sales by enabling closer relations with customers and partners through secure communications and collaboration.
To take advantage of these benefits, companies need a secure IT infrastructure that can minimize security risks and decrease the costs of security management and operations. This paper is one of a series of three papers:
? Secure Network Connectivity presents Microsoft's offering for ensuring secure access to corporate information assets from within an organization, or externally from the Internet.
? Identity Management presents Microsoft's offering for managing user access to all corporate information assets.
? Security Management and Operations presents Microsoft's offering for managing the people, technology, and process aspects of security.
The Need for Security Management and Operations
The need to connect and collaborate with partners, suppliers, customers, and employees anytime and anywhere has increased the complexity of managing network and systems security. When addressing security management and operations, administrators need to consider the following:
? Security: Employees not only work from corporate offices, but from branch offices, home offices, or from the road. Managing access policies and security for remote connectivity requires flexibility to apply security policies to different sets of users and groups, as well as ensuring remote users are up-to-date with the most current patches and updates. Administrators must keep systems up-to-date with the latest patches and fixes to prevent security breaches.
? Management complexity: Security threats are dynamic; therefore, ongoing management of systems to keep them up-to-date is very important.
? Lowering cost: The demands on IT staff to keep desktops and servers up-to-date with the latest patches, to monitor systems for security threats, and to enforce security policy across the enterprise have increased the cost of managing security.
By addressing these challenges, organizations can achieve greater employee productivity, decrease costs, and improve business integration.
Top of page
Challenges in Security Management and Operations
As businesses move to a connected environment, the demands on IT administrators to maintain a secure environment increase significantly.
Security
The evolution of the Internet has enabled businesses to reach more customers, integrate business processes with partners, and stay connected with the mobile workforce. However, extending access from corporate networks to the Internet has exposed systems to a new and evolving set of security attacks. As a result, businesses are challenged with implementing and evolving their security processes, deploying security technologies, and keeping their IT administrators trained to manage and enforce corporate security policies.
Management Complexity
Managing networks, systems, and application security is both complex and time-consuming. Administrators' tasks include:
? Finding desktops and servers with common security misconfigurations.
? Keeping desktops and servers up-to-date with the latest security patches.
? Ensuring that the corporate security policies are enforced across desktops and servers.
? Monitoring systems for potential security compromises.
Human error is a leading factor in security failures. These errors manifest themselves in several ways:
? Configuration errors when installing products.
? The inability to track system configurations. For example, a system was already configured and deployed prior to a new system administrator taking over.
? The inability to recognize actual or attempted attacks. In a recent Computer Crime and Security survey, only 40 percent of respondents detected and reported security breaches originating from outside of their network.
Lowering Costs
Security and management complexity both have implications in terms of containing costs relating to security and IT. Security breaches and network downtime can cost organizations millions of dollars in lost revenue. In addition, the number of IT staff and the time required to implement security and keep systems up-to-date can be very costly. The difference between preventative network and systems security management and disaster recovery and down-time might be the difference between profitability and non-profitability for organizations today.
Top of page
Solutions for Security Management and Operations
Microsoft is investing heavily in engineering its products for security and providing customers with security features that meet their current and future needs. However, delivering secure products is not enough to solve the security management challenges customers are now facing, so Microsoft is also producing and delivering a variety of tools, prescriptive guidance, training, and products to help address customer security needs. These elements work together to help customers build stronger security management into their processes and systems.
Assessment and Management Tools
Microsoft is committed to helping customers become secure and stay secure by providing tools to identify common security misconfigurations, reduce attack surface area, and monitor events and performance in real time.
? The first step involves analyzing existing environments for security misconfigurations that can lead to costly compromises. Microsoft Baseline Security Analyzer (MBSA), which runs on Windows 2000 and Windows XP systems, scans for missing hot fixes and common security misconfigurations in a broad range of products, including: Windows NT 4.0, Windows 2000, Windows XP, Internet Information Server (IIS) 4.0 and 5.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office 2000 and 2002. MBSA creates and stores individual XML security reports for each computer scanned and displays the reports in the graphical user interface in HTML.
http://www.microsoft.com/technet/securi ... ahome.mspx
http://support.microsoft.com/default.as ... -US;320454&
? The IIS Lockdown tool works by turning off unnecessary features, thereby reducing the attack surface. In addition, URLscan, with customized templates for each supported server role, has been integrated into the IIS Lockdown Wizard to provide defense in depth, or multiple layers of protection against attackers.
http://www.microsoft.com/technet/securi ... ktool.mspx
? Microsoft Operations Manager (MOM) monitors events and performance of Windows servers to provide information on the real-time operational state of a system or application. MOM can be used to monitor servers for attack signatures in real time, as well as producing reports that demonstrate whether security and performance requirements are being met by production systems.
http://www.microsoft.com/mom/
Patch Management
It is a complex and time-consuming process to ensure that all internal clients and servers are kept up-to-date with critical patches. Maintaining the integrity of system software in a networked environment through a well-defined patch management program is the first step toward successful information security, regardless of any controls over physical access to a system.
Patch management is a process that gives organizations control over the deployment and maintenance of interim software releases to their IT infrastructure, to maintain operational efficiency and effectiveness, overcome potential security vulnerabilities, and maintain stability of the live environment.
To ease this process and reduce management time, Microsoft is delivering a variety of tools that simplify security management tasks by allowing them to be better-managed and more automated. These tools include:
? Windows Update is an integrated service in Windows 2000 and Windows XP that enables consumers and small businesses to be notified when new patches are available. Upon notification, users can choose to install these updates automatically or manually.
? Software Update Services (SUS) can be downloaded free of charge from the Microsoft Web site. It is designed to simplify the process of keeping Windows-based systems up-to-date with the latest critical updates. SUS enables administrators to quickly and reliably deploy critical updates to their Windows 2000-based servers as well as desktop computers running Windows 2000 Professional or Windows XP Professional. Typically, administrators have to monitor the Microsoft Web site for new updates, manually download updates, test, and with traditional distribution software, distribute to all desktops and servers. However, with SUS, administrators can test and automatically distribute security updates to all computers. SUS uses a Web-based administration to synchronize content and approve updates tested for distribution on the network.
http://www.microsoft.com/windows2000/wi ... efault.asp
? SMS Value Pack offers enhancements to the Systems Management Server (SMS) product to improve integration with other security assessment and management tools. The SMS Value Pack, scheduled for release in Q3 2002, includes extensive and flexible tools for managing and deploying security patches on enterprise networks. SMS can also be used to deploy MBSA to gather report data about the patch level of various machines on a network.
http://www.microsoft.com/smserver/downl ... efault.asp
Policy Management
To help customers define, implement, and enforce their digital security policies, Microsoft has provided an integrated policy-based management infrastructure in Windows 2000 Server and Windows XP.
Windows 2000 Server, through Group Policy and Active Directory, enables IT administrators to define and apply security policies to users, groups, and network servers. A group of servers with the same functionality can be created (for example, a Microsoft IIS server farm can be created), and then group policy objects can be used to apply common security settings to the group. If more servers are added to this group later, many of the common security settings are automatically applied, reducing deployment and administrative labor.
When security policies are created and applied, the goal is to simplify and centralize security configuration and management for computers running Windows 2000 Server in the perimeter network. Policies reduce administrator workload by automating some processes for applying security to servers. Computers running Windows 2000 Server that are members of a domain will periodically access Active Directory; if they find that a new policy exists or that an existing one has been changed, they automatically download the policy and apply it locally.
http://www.microsoft.com/windows2000/te ... efault.asp
Prescriptive Guidance
The best tools and products may be ineffective without detailed guidance and training on how to employ them properly. Microsoft is providing prescriptive content that helps customers secure their systems and keep them secure, including:
? Microsoft Operations Framework (MOF) is a collection of best practices, principles, and models. It provides comprehensive technical guidance for achieving mission-critical production system reliability, availability, supportability, and manageability for solutions and services built on Microsoft's products and technologies. MOF provides industry-standard best practices for operations procedures, including detailed procedures for how to identify and deal with risks at all levels of a corporate IT infrastructure.
http://www.microsoft.com/mof/
? The Microsoft
Abstract
The need to connect and collaborate with partners, suppliers, customers, and employees anytime and anywhere has increased the complexity of managing network and systems security. Organizations are faced with the difficult and time-consuming task of securing and managing network systems, and keeping their desktops and servers up-to-date?all of this in the face of constrained resources and the uncertainty as to whether systems are, in fact, secure. Organizations want easy and efficient ways to maintain network security, manage updates, and, at the same time, reduce total costs for security management. With a number of Microsoft tools and technologies, including those integrated in Windows 2000 Server, the Microsoft Baseline Security Analyzer (MBSA), Microsoft Operations Manager (MOM), Software Update Services (SUS), and System Management Server, IT administrators can more effectively manage the security of their Windows environments.
On This Page
Introduction
Challenges in Security Management and Operations
Solutions for Security Management and Operations
Conclusion
Introduction
Enterprises are competing globally to provide access to information, to enhance productivity, and to deliver services quickly?all at the lowest possible cost. The ability to communicate and collaborate with partners, suppliers, customers, and employees anytime and anywhere is now a requirement. Gone are the days when only a selected group of people had network access to business applications and data.
The advent and acceptance of new computing technologies and the Internet have changed the way information is stored, accessed, and shared. Companies have implemented a more open and distributed information model resulting in benefits that include:
? Increased Employee Productivity: Enables employees to be flexible, make better decisions, and respond quickly to the changing demands of the marketplace by providing secure access to the information they need anywhere at anytime.
? Lower Cost: Decreases costs and increases efficiency by safely leveraging the power of collaboration and network connectivity.
? Integrated Business Processes: Increases sales by enabling closer relations with customers and partners through secure communications and collaboration.
To take advantage of these benefits, companies need a secure IT infrastructure that can minimize security risks and decrease the costs of security management and operations. This paper is one of a series of three papers:
? Secure Network Connectivity presents Microsoft's offering for ensuring secure access to corporate information assets from within an organization, or externally from the Internet.
? Identity Management presents Microsoft's offering for managing user access to all corporate information assets.
? Security Management and Operations presents Microsoft's offering for managing the people, technology, and process aspects of security.
The Need for Security Management and Operations
The need to connect and collaborate with partners, suppliers, customers, and employees anytime and anywhere has increased the complexity of managing network and systems security. When addressing security management and operations, administrators need to consider the following:
? Security: Employees not only work from corporate offices, but from branch offices, home offices, or from the road. Managing access policies and security for remote connectivity requires flexibility to apply security policies to different sets of users and groups, as well as ensuring remote users are up-to-date with the most current patches and updates. Administrators must keep systems up-to-date with the latest patches and fixes to prevent security breaches.
? Management complexity: Security threats are dynamic; therefore, ongoing management of systems to keep them up-to-date is very important.
? Lowering cost: The demands on IT staff to keep desktops and servers up-to-date with the latest patches, to monitor systems for security threats, and to enforce security policy across the enterprise have increased the cost of managing security.
By addressing these challenges, organizations can achieve greater employee productivity, decrease costs, and improve business integration.
Top of page
Challenges in Security Management and Operations
As businesses move to a connected environment, the demands on IT administrators to maintain a secure environment increase significantly.
Security
The evolution of the Internet has enabled businesses to reach more customers, integrate business processes with partners, and stay connected with the mobile workforce. However, extending access from corporate networks to the Internet has exposed systems to a new and evolving set of security attacks. As a result, businesses are challenged with implementing and evolving their security processes, deploying security technologies, and keeping their IT administrators trained to manage and enforce corporate security policies.
Management Complexity
Managing networks, systems, and application security is both complex and time-consuming. Administrators' tasks include:
? Finding desktops and servers with common security misconfigurations.
? Keeping desktops and servers up-to-date with the latest security patches.
? Ensuring that the corporate security policies are enforced across desktops and servers.
? Monitoring systems for potential security compromises.
Human error is a leading factor in security failures. These errors manifest themselves in several ways:
? Configuration errors when installing products.
? The inability to track system configurations. For example, a system was already configured and deployed prior to a new system administrator taking over.
? The inability to recognize actual or attempted attacks. In a recent Computer Crime and Security survey, only 40 percent of respondents detected and reported security breaches originating from outside of their network.
Lowering Costs
Security and management complexity both have implications in terms of containing costs relating to security and IT. Security breaches and network downtime can cost organizations millions of dollars in lost revenue. In addition, the number of IT staff and the time required to implement security and keep systems up-to-date can be very costly. The difference between preventative network and systems security management and disaster recovery and down-time might be the difference between profitability and non-profitability for organizations today.
Top of page
Solutions for Security Management and Operations
Microsoft is investing heavily in engineering its products for security and providing customers with security features that meet their current and future needs. However, delivering secure products is not enough to solve the security management challenges customers are now facing, so Microsoft is also producing and delivering a variety of tools, prescriptive guidance, training, and products to help address customer security needs. These elements work together to help customers build stronger security management into their processes and systems.
Assessment and Management Tools
Microsoft is committed to helping customers become secure and stay secure by providing tools to identify common security misconfigurations, reduce attack surface area, and monitor events and performance in real time.
? The first step involves analyzing existing environments for security misconfigurations that can lead to costly compromises. Microsoft Baseline Security Analyzer (MBSA), which runs on Windows 2000 and Windows XP systems, scans for missing hot fixes and common security misconfigurations in a broad range of products, including: Windows NT 4.0, Windows 2000, Windows XP, Internet Information Server (IIS) 4.0 and 5.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office 2000 and 2002. MBSA creates and stores individual XML security reports for each computer scanned and displays the reports in the graphical user interface in HTML.
http://www.microsoft.com/technet/securi ... ahome.mspx
http://support.microsoft.com/default.as ... -US;320454&
? The IIS Lockdown tool works by turning off unnecessary features, thereby reducing the attack surface. In addition, URLscan, with customized templates for each supported server role, has been integrated into the IIS Lockdown Wizard to provide defense in depth, or multiple layers of protection against attackers.
http://www.microsoft.com/technet/securi ... ktool.mspx
? Microsoft Operations Manager (MOM) monitors events and performance of Windows servers to provide information on the real-time operational state of a system or application. MOM can be used to monitor servers for attack signatures in real time, as well as producing reports that demonstrate whether security and performance requirements are being met by production systems.
http://www.microsoft.com/mom/
Patch Management
It is a complex and time-consuming process to ensure that all internal clients and servers are kept up-to-date with critical patches. Maintaining the integrity of system software in a networked environment through a well-defined patch management program is the first step toward successful information security, regardless of any controls over physical access to a system.
Patch management is a process that gives organizations control over the deployment and maintenance of interim software releases to their IT infrastructure, to maintain operational efficiency and effectiveness, overcome potential security vulnerabilities, and maintain stability of the live environment.
To ease this process and reduce management time, Microsoft is delivering a variety of tools that simplify security management tasks by allowing them to be better-managed and more automated. These tools include:
? Windows Update is an integrated service in Windows 2000 and Windows XP that enables consumers and small businesses to be notified when new patches are available. Upon notification, users can choose to install these updates automatically or manually.
? Software Update Services (SUS) can be downloaded free of charge from the Microsoft Web site. It is designed to simplify the process of keeping Windows-based systems up-to-date with the latest critical updates. SUS enables administrators to quickly and reliably deploy critical updates to their Windows 2000-based servers as well as desktop computers running Windows 2000 Professional or Windows XP Professional. Typically, administrators have to monitor the Microsoft Web site for new updates, manually download updates, test, and with traditional distribution software, distribute to all desktops and servers. However, with SUS, administrators can test and automatically distribute security updates to all computers. SUS uses a Web-based administration to synchronize content and approve updates tested for distribution on the network.
http://www.microsoft.com/windows2000/wi ... efault.asp
? SMS Value Pack offers enhancements to the Systems Management Server (SMS) product to improve integration with other security assessment and management tools. The SMS Value Pack, scheduled for release in Q3 2002, includes extensive and flexible tools for managing and deploying security patches on enterprise networks. SMS can also be used to deploy MBSA to gather report data about the patch level of various machines on a network.
http://www.microsoft.com/smserver/downl ... efault.asp
Policy Management
To help customers define, implement, and enforce their digital security policies, Microsoft has provided an integrated policy-based management infrastructure in Windows 2000 Server and Windows XP.
Windows 2000 Server, through Group Policy and Active Directory, enables IT administrators to define and apply security policies to users, groups, and network servers. A group of servers with the same functionality can be created (for example, a Microsoft IIS server farm can be created), and then group policy objects can be used to apply common security settings to the group. If more servers are added to this group later, many of the common security settings are automatically applied, reducing deployment and administrative labor.
When security policies are created and applied, the goal is to simplify and centralize security configuration and management for computers running Windows 2000 Server in the perimeter network. Policies reduce administrator workload by automating some processes for applying security to servers. Computers running Windows 2000 Server that are members of a domain will periodically access Active Directory; if they find that a new policy exists or that an existing one has been changed, they automatically download the policy and apply it locally.
http://www.microsoft.com/windows2000/te ... efault.asp
Prescriptive Guidance
The best tools and products may be ineffective without detailed guidance and training on how to employ them properly. Microsoft is providing prescriptive content that helps customers secure their systems and keep them secure, including:
? Microsoft Operations Framework (MOF) is a collection of best practices, principles, and models. It provides comprehensive technical guidance for achieving mission-critical production system reliability, availability, supportability, and manageability for solutions and services built on Microsoft's products and technologies. MOF provides industry-standard best practices for operations procedures, including detailed procedures for how to identify and deal with risks at all levels of a corporate IT infrastructure.
http://www.microsoft.com/mof/
? The Microsoft
Who is online
Users browsing this forum: No registered users and 1 guest