Ensuring a Secure Networking Infrastructure

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Standard security devices — such as firewalls, network probes, and management tools to detect irregular traffic — must be in place before you put sensitive data on server clusters (or any other servers).

Note

  • Although you can use IP security (IPSec) with server clusters, IPSec was not designed for use in failover situations. You can, however, use IPSec if your business need for secure connectivity outweighs your need for continuous client access during failover. For more information about IPSec and clusters, see article Q306677, "IPSec Is Not Designed for Failover," in the Microsoft Knowledge Base. To find this article, click the Microsoft Knowledge Base link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources.

In order to create a secure environment for your server clusters, begin with the following basic network precautions:

  • Secure your network with firewalls and management tools that can detect irregular network traffic.

  • Restrict physical access to network hardware (routers, hubs, and switches) to protect them from unauthorized individuals.

  • Make sure administrative permissions are adhered to, and that logs and other resources are protected by access control lists (ACLs).

  • Ensure that network services such as the Active Directory, DNS, and DHCP, and Windows Internet Name Service (WINS) are protected from compromise. Any compromise of these infrastructure services can lead to a compromise of the Cluster service itself.