Windows Server 2003 Security Infrastructures: Core Security Features (HP Technologies)
This chapter introduces the concept of trusted security infrastructures (TSIs). The opening sections outline the different TSI services and their components and interactions. All services are illustrated with a set of security product offerings. Note that the list of software examples is nonexhaustive. The second part of the chapter looks at what Microsoft can provide in the TSI space and more specifically what TSI functions are bundled with the Windows Server 2003 operating system. Finally, the chapter also introduces other Microsoft software products offering TSI services.
1.1 Introduction
“Outsourcing” is a primarily economic concept that many other sciences have adopted. In information technology (IT) the outsourcing of processing functions was extremely popular during the mainframe era, but has become less common over the last two decades. With the rise of the personal computer (PC), everyone wanted more and more powerful client computing devices. Less powerful clients and the outsourcing of special functions to dedicated server machines have regained popularity only recently. For enterprises a major business driver behind the latter process was the need for reduced total cost of ownership (TCO).
For the IT security space, the use of outsourcing can be summarized as follows: Even though the outsourcing of specific and specialized security functions to trusted third party (TTP) servers has been used for many years in specific areas of IT security (e.g., authentication), it was only at the beginning of the 1990s that this outsourcing became accepted for a wider range of security functions (such as key management and access control). This took so long mainly because of the perception of insecurity and the feeling of losing control when security services are outsourced and centralized at a TTP. The widespread use of strong cryptographic techniques and the adoption of open security standards have been important incubators for the rise of outsourcing in the IT security space.
Recent security incidents in the Internet world have also shown that it will take more than just outsourcing of security functions to dedicated TTP servers to make the IT world really secure. What are really needed are pervasive security services. These are security services that are omnipresent and that are implemented and used in a coherent and standardized way by different applications, platforms, and IT environments. Pervasive security services require a coherent security policy enforcement mechanism, which becomes easier in a centralized TTP environment.
The next few sections try to provide an overview of one of the latest trends in the outsourcing of security functionality: the creation of trusted security infrastructures (TSIs). These infrastructures provide the following core security services:
- Identification and authentication
- Key management
- Authorization
- Auditing and accounting
- Security-related administration, including identity and security policy management
In the context of TSIs, outsourcing tends to go as far as moving all core security services out of applications and making them infrastructure services, just as happened before for networking, file, print, and messaging services.
Trusted security infrastructures will allow applications to focus on their core business function. They will provide centralized security management and accounting, and thus much more accurate security data. Most importantly, they will facilitate the creation of pervasive security services for a wide range of applications. They will also facilitate single sign-on (SSO) and more rapid and more secure application development. Because of their central role, trusted security infrastructures must use open standards. They also must be implemented in a platform-, application-, vendor-, and device-neutral way.