Security management is a critical security service that guarantees that the security settings and software on computer platforms and security infrastructure servers can be configured and maintained in an easy and coherent way. The security configuration together with the software that s allowed to run on a computer system are defined in a security policy. Computer platforms can become trusted platforms if the security policy is audited this means checked for compliance by a trusted entity at regular intervals. This is the goal of security-related auditing.

In what follows, we discuss how Microsoft supports security management in Windows Server 2003 in the following three key areas: security policy management, security patch management, and security-related auditing. This chapter specifically focuses on Microsoft security management solutions. A deeper coverage of third-party (non-Microsoft) security management solutions is beyond the scope of this book.

18.1 Security policy management

The security policy for a computer platform defines all security-related configuration settings for that platform. It includes all the configuration settings listed in Figure 18.1. As Figure 18.1 shows, Microsoft does not offer a single tool to deal with the configuration all security-related settings. Most of the settings can be configured using Group Policy Object (GPO) settings; others can be configured though the Security Configuration Editor; and some cannot be configured using a Microsoft security policy configuration tool.

Figure 18.1: Coverage of security-related configuration settings by Windows security policy management tools.

Next we introduce the security policy life cycle. The other sections contain an overview of the different...