« Previous 1 2 3
Security boundaries in Windows
Cordoned Off
Security architects are familiar with breaking down infrastructure into different levels. The unauthorized transition of a user from one area to another is considered a security breach. Windows offers various protection mechanisms against remote and local attackers. Microsoft first differentiates between different border areas, or security boundaries, and defines separate protection goals for each of these areas. These protection goals not only determine the security of the rolled-out Windows instances but also how the criticality of security vulnerabilities is assessed.
Consider a simple real-world data center example in which a physical area outside the data center is an area for visitors, another area is for customers, and two different areas are for employees, depending on their tasks. If a person enters the visitor area, for example, a transition to the first security zone takes place. As long as this access takes place during normal visiting hours, this action is not problematic. Outside visiting hours (i.e., when the doors are locked), this is obviously a security incident.
If the person is a customer or employee, they can enter the customer area after successful authentication by the gatekeeper. Once in the customer area, access to other areas usually relies on technical security systems.
Customers and employees use a chip card with a PIN for authentication that allows them to enter individual rooms. Support staff can also enter the general staff area in addition to the customer areas. Network administrators are also allowed to enter the rooms with the switches and routers in the data center.
What works in the real world can also be applied to securing operating systems. Microsoft defines nine different security boundaries for its own operating systems, active services, and devices in use, although they are not all hierarchically structured like the security areas in the example above. An associated document in the Microsoft
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Protect Hyper-V with on-board resources
With the right settings and small tools, security in virtual environments can be increased significantly by tweaking the on-board tools. -
Secure status and event monitoring of tier 0 systems
We show you how monitoring your sensitive IT systems can be a more secure experience. -
Secure Active Directory with the rapid modernization plan
The rapid modernization plan by Microsoft is a practical guide to securing Active Directory, so criminals cannot gain access to privileged user accounts. -
Protect Azure resources with Network Security Groups
Security segmentation into zones has long been the norm in data centers. Microsoft Azure Network Security Groups offers this kind of granular defense-in-depth security, including multilevel configuration of access rules. -
New security features in Windows 10
With each version of Windows, Microsoft has expanded the built-in security functions. Windows 10 includes a number of new and interesting security features.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
