The main goal of networking is the sharing of information and resources. However, sharing is usually done on a limited basis. One of the most challenging aspects of designing network security is balancing how easy it is for an authorized user to gain access to a resource versus how difficult it is for an unauthorized person to do the same.
The protocols and services that are designed to legitimately provide identification and communication can be manipulated to provide unauthorized access to the network. The best way to begin securing your network is to divide it into manageable sections and then document each area that is potentially vulnerable. After you have a good idea of the number and potential severity of risks, you can begin the process of securing the network.
The documentation is also useful after a successful attack. You’ll immediately know the other areas where you’ll be susceptible to the same vulnerability. Thorough documentation allows network administrators to learn from past mistakes and to explain to management exactly what went wrong. If you know what happened and why, you’re more likely to keep your job after a security disaster. This section will concentrate on the networking services that are likely to be present in a Windows 2000 environment.