欢迎来到留学生英语论文网

当前位置:首页 > 论文范文 > Information Systems

Windows server 2008 R2

发布时间:2017-03-27
该论文是我们的学员投稿,并非我们专家级的写作水平!如果你有论文作业写作指导需求请联系我们的客服人员

Contents

Introduction

Benefit of using windows server 2008 R2

SECURE DATA TRANSMISSION.

Secure Sockets Layer (SSL)

ENCRYPTION

Transparent Data Encryption (DTE)

PUBLIC KEY INFRASTRUCTURE (PKI)

Digital signature

PERIMETER NETWORK SECURITY

VPN

WEB SECURITY

OPERATIONAL SECURITY

Password policies

ACLs:

Active directory certificate services

Conclusion

Introduction

HI-grade toys company upgrade to their peer to peer network to a domain based network in windows 2008R2.currently network caters around 100 clients. The higrade toy structure is as follows

The company choose to exploited Microsoft enterprise agreement for authorizing and executing the Windows Server 2008 R2 Enterprise working framework with Hyper-V engineering.

So windows server 2008R2 enterprise server provide Varity of services for company.

Active directory domain services is one of merger services of them. this service will provide to organization very flexible strong centralized easily manageable infrastructure. this feature provide Varity of services such as Location transparency, Object data, Rich query, add users, create and edit users accounts, and most important is this company overview has 3 organization units and 2 groups and administrator easily can categorize according to the company overview and put the users into the relevant organization unit and also give each organization units to relevant group policies.

The active decretory certificate service is service for security issues. Administrator can do digital signature. under the signature can do code. this service most important for dealing with costumers. as example vey impotent for email deal with a customer must be singed and encrypted email. we can use signature using the certificate validate that definitely from client it is make sure never changed and never been modify.

FSRM feature is important to the company internal security. Some company employees tring to install software that can be very harm to the server, overcome this installing files FSRM really important for this. to block specific files type in a folder or drive.

The organization utilized Active area Services, Active catalogue declaration administrations, Fsrm (file server Resource Manager), DHCP server, DNS server, Network strategy server with WSUS, steering and remote access with VPN setup, Basic windows Firewall, print administrations for offering print utilities an arrangement of arrangements from Microsoft Services and innovation accomplices that helps organizations change server farms into key business holdings. Microsoft Services gave backing to the organization's move to Hyper-V, helping Higrade toys to arrange and execute nature's turf furthermore giving preparing on the peculiarities of the hypervisor. "The specialists with Microsoft Services ought to be very gifted experts and have top to bottom learning of Hyper-V, which was another engineering for us so they can help us begin by exchanging their insight to us so we could proceed with the virtualization exertions on a progressing premise." (MICROSOFT )

Higrade Toys streamlined IT administration by virtualizing its server surroundings and dealing with nature's domain with System Centre items and advances from regular IT assignments, for example, provisioning and overseeing servers, to logistical issues like overseeing around the gathered server farm.

Benefit of using windows server 2008 R2

  • Windows server 2008 R2 is the newest windows Server operating system from Microsoft. Designed to help organizations reduce operating costs and increase efficiencies Windows server 2008 R2 provides enhanced management control over resources across the enterprise.
  • Windows server 2008 R2 was designed to perform as well or better for the same hardware base as windows server2008.In addition R2 is the first windows server operating system to move solely to a 64-bit architecture.
  • Windows server 2008 introduce a ‘balanced’ power policy which monitors the utilization level of the processors on the server and dynamically adjusts the processor performance states o limit power to the needs of the workload. Windows server 2008 R2 enhances this power saving feature by adding more granular abilities to manage and monitor server and server CPU power consumption as well as extending this ability to the desktop via new-oriented group policy setting.
  • Windows server 2008 R2 includes many updates that make it the best windows server application platform yet, but one of the most important is the new internet information services 7.5 Managing storage isn’t just about managing disks.
  • Windows server 2008 R2 along with several new components that expand on the core capabilities of group policy management that have been part of windows 2000/2003 active directory
  • Windows server 2008 R2 also gives you a complete virtualization platform out of the box. Move to windows server 2008 R2 and you’ll get the next generation of our hypervisor hyper-V R2 which now includes advanced business continuity scenarios like the above-mentioned live migration.
  • Windows Server 2008 R2 is a multipurpose working framework intended to build the unwavering quality and adaptability of your server and private cloud base, helping you to spare time and diminish costs. It furnishes you with compelling devices to respond to business needs quicker than any other time before with more prominent control and certainty.

After installed and configured the windows server 2008 r2, now to evaluate windows server 2008 r2 based on some criteria that are:

  • Secure data transmission.
  • Perimeter network security.
  • Manage operational security

SECURE DATA TRANSMISSION.

Framework devices are the parts used to unite workstations or other electronic components together, that they can give records or stakes like printers or fax machines. Contraptions used to setup a Local Area Network (LAN) are the most well-known sorts of framework devices used by the overall public. A LAN obliges a focal point, switch, cabling or radio building, system cards, and if online access is wanted, a high speed modem. This is significantly less trapped than it may sound to someone else to frameworks overseen

Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL) provide data encryption ( hiding what is sent from one computer to another) and identification (making sure the computer you are speaking to is the one you trust) services for secure data transmission for the company network.

ENCRYPTION

Encryption is the change of data into a structure, called a figure message that can't be successfully seen by unapproved people. Translating is the strategy of changing over encoded data go into its special structure, so it cannot be hacked.

Protect the data at rest by encryption the data on disk

Transparent Data Encryption (DTE)

This feature can encrypt and decrypt the data and log file in real time as read writes are done.

PUBLIC KEY INFRASTRUCTURE (PKI)

PKI provide this organization utilize PUBLIC KEY INFRASTRUCTURE (PKI).in active directory, certificate services, specially provide for this need. A PKI allows organizations to determine trustworthiness, identity and authenticity of client based on certificates and key they process.

This keys are generated by various encryption algorithms and cryptographic routine.

A typical PKI is asymmetric. Its make use of both public and private keys. the public key only works one way and provides means of encryption but not decryption. This public key can be given out by an organization to anyone that needs the means to send encrypted data to that organization.

The public key is compromised by a hacker the damage is minimal because the key can only be used to encrypt the data not decrypt it. There fore the hacker even upon possessing the key does not again ability to intercept private data secure with the public key

Public Key Infrastructure is a two key encryption system for communication. This concept is a framework; it’s not a specific technology. And most important basic thing is this Infrastructure has to have two keys which are public and private key. So PKI provide confidentially with the encryption and provide authentication with use of digital certificate.

Public key binds with a digital signature. This key that anyone can use to encrypt the information with the private key which keeps yourself. As a example two computers want to communicate each other, so first sender request receivers public key so receiver send public key which is anyone can see it anyone can use it. the sender use that receiver public key to encrypt the message which is going to send to the receiver. this message can only decrypt receivers’ private key which is only receiver has. It is great for confidentiality. because nobody can intercept the message between decrypted, because they don’t have receivers’ private key.

A PKI (PUBLIC KEY INFRESTRUCTURE) empowers clients of an in a general sense unsecure public structure, for example, the Internet to safely and secretly trade information and cash through the utilization of an public and a private cryptographic key match that is acquired and gave through a trusted impact. People all things considered key base obliges an advanced endorsing that can see a specific or an alliance and list benefits that can store and, when major, deny the affirmations. Despite the way that the allotments of a PKI are by and largely handle on, distinctive different vendor approaches and associations are climbing. Then, an Internet standard for PKI is consistently dealing with.

Digital signature

Non repudiation is the guarantee that someone can not deny having send a message once it has been signed with their digital signature. the signature is identify the sender.

The web benefits that are outside your home (or business) which are supplied by your ISP are either DSL, association, dial-up, or satellite. Modems are reliably joined together with a switch into a solitary unit, which then additionally suits you a firewall ensuring your structure room strike. If your modem is not in like way a switch, then you will undoubtedly oblige a switch in spite of your modem.

A workstation's advanced pointers must be changed over to direct signs before they are transmitted over standard phone lines. The particular gadgets that performs this change in a modem, infrequently called a dial-up modem. The advertisement, modem, is dead situated room the blending of the words, alter, to change into a fundamental pointer, and demodulation, to change over a clear sign into a modernized sign.

PERIMETER NETWORK SECURITY

A perimeter network (also known as a DMZ, demilitarized zone, or screened subnet) is a small network that is set up separately from an organization's private network and the Internet. In a network, the hosts most vulnerable to attack are those that provide services to users outside of the LAN, such as e-mail, web, RD Gateway, RD Web Access and DNS servers. Because of the increased potential of these hosts being compromised, they are placed into their own sub-network called a perimeter network in order to protect the rest of the network if an intruder were to succeed. Hosts in the perimeter network should not

The Internet is an unbounded nature. It has no central managerial control and no united security course of action. Notwithstanding best thoughts, no measure of hardening can guarantee that a system joined with an unbounded framework is safe to attack. A Web server is unashamedly available on the Internet, so a framework schema must expect a part in guaranteeing the Web page and other IT stakes. Impermeable security is illogical, so don't get got in the trap of endeavouring to achieve it. You must expect to make an equality of sufficient security with cost sufficiency and down to earth judgment abilities. Security is about guaranteeing that frameworks can convey fundamental administrations and keep up key properties, for example, respectability, classifiedness and execution in spite of the vicinity of interruptions; as it were, dependability notwithstanding adversity. To have the capacity to convey vital administrations, a "solid" framework must exhibit four key properties:

be able to establish communication directly with any other host in the internal network, though communication with other hosts in the perimeter network and to the external network is allowed. This allows hosts in the perimeter network to provide services to both the internal and external network, while an intervening firewall controls the traffic between the perimeter network servers and the internal network clients.

When the considering IT security for this company most important think is physical security.lot of thing have to have implement this IT infrastructure. company have to resemble physical security. In this cooperates network inside have to build.

VPN

Many times company want sales staff workers to dial in to the company network have ability work to remotely. this sales staff access the on internet is not secure and its lot of time consuming. so the good solution is VPN technology which is allow to the remote users to access the company intranet securely. VPN allows to computer or entire network connect to each other’s over the internet securely.

WEB SECURITY

Exactly when organizing Web-based organizations you ought to totally fathom what needs to be guaranteed. Subsequently, the strategy to ensure survivability is a definitive one, rather than essentially an IT one. Once your affiliation has described its base levels of satisfactory organization and security for every one organization, the errand of orchestrating the Web security structural arranging can begin. Never use a totally "level" framework arrange, one where all devices relate particularly to each other, as you must evade developers getting access to your Web server and finding that your entire framework is completely open.

The framework form should ensure that the dissatisfaction of one level of security does not achieve a movement of deals. Drill shield in-significance and use different security contraptions consolidating firewalls fringe switches with package dividing and intrusion area structures (Idses). Further secure Web organization stakes with a separated framework topology, which diminishes the degree of any deal and buys time to respond to it.

This is proficient by separating the schema into trust regions restricted by trust limits, with holdings put in the fitting space. This uttermost hindrance in your Web site safety is a safe framework edge or nonpartisan domain (DMZ).

DMZ is a physical or logical sub network that contain and exposes an organization external facing services to a larger and untrusted network usally the internet

DMZ typically contain servers that need to be accessible from outside web server, email server DNS server.

OPERATIONAL SECURITY

Operational security is process identifying controlling and protecting critical information in organization. Framework Security is an affiliation's strategy and obtainments for ensuring the security of its focal points and of all framework development. Framework security is demonstrated in an execution of security system, fittings, and programming. For the reasons of this dialog, the going hand in hand with approach is gotten in an effort to view framework security in its total

Password policies

  • For good practice choose the password not less than 8
  • passwords may not be used in robotized or prearranged logon frameworks. Each customer should physically enter his or her mystery word at logon time to diminishing the threat of unapproved

ACLs:

What are ACL

  • ACLs are list of conditions that are applied to traffic travelling across the router interface
  • This list tell the router what type of packet to accept or deny
  • Acceptance and denial can be based on specified condition
  • ACL can be configured at the router to control access to a network or subnet

On a couple of sorts of selective workstation fittings, an Access Control List insinuates concludes that are associated with port numbers or framework daemon names that are available on a host or other layer 3, each with a rundown of hosts and/or frameworks permitted to use the organization. Both different servers and switches can have framework ACLs. Access control records can generally be intended to control both inbound and outbound development, and in this association they are similar to firewalls.

Active directory certificate services

Internal certificate service very important for this organization. it is provide a certificate issues server inside the network. good for use internal computers witch are use employees.

External certificate service good for use for secure access and download of resources or financial transaction

Conclusion

After studding this case study the firewall is very simple software basic firewall. its not good for company.its very unsecure the data . instead of this software basic firewall its very good for the hardware based firewall.

And also 2012 server very good than the 2008R2 sever. there is lot of features having 2012 R2c such as

IIS 8

PowerShell

DirectAccess

Cluster Shared Volumes

Deduplication

Hyper-V 3.0

Benefits of BitLocker

BitLocker is yet another innovative Microsoft security product designed to protect information on computers. It is only available on machines that are running the Ultimate and Enterprise editions of the popular Windows 7. This protection feature is designed to protect all the data on the hard drive.

  • Better hard disk disposal
  • Prevents unauthorized modification
  • Prevents offline attack

Reference

http://www.sans.org/reading-room/whitepapers/infosec/secure-perimeter-network-design-giac-enterprises-1622.

http://www.computerhope.com/jargon/i/ip.htm

http://compnetworking.about.com/od/internetaccessbestuses/f/what-is-network-remote-access.htm

http://benefitof.net/benefits-of-bitlocker/


上一篇:Java 下一篇:XML and Web Services