The key to successful security is constant vigilance. While you can configure your servers with strong passwords, restrictive security policies, and powerful network protection, attackers can almost always find a way to get through if they’re determined enough. The only way to catch them is to constantly be on your guard. This includes watching for security intrusion signs, patching security vulnerabilities immediately, and remaining alert for new conditions that could expose your enterprise to attack.

Windows Server 2003 provides a number of tools for monitoring security. The Windows Event Log has an entire Security Log in it, and Windows supports complete security auditing for file and object access, user logons, and so forth. You’ll learn more about auditing in Chapter 15, where I’ll also discuss the Security Log in more detail and show several types of security events that you can look for in your environment. Web sites, DNS services, and many other network services maintain their own logs, which you can review for possible security problems. You’ll learn about those services and their security implications throughout this book.

Of course, you’ll want to establish a regular pattern of security checks in your environment. That way, you’ll be sure to check each and every facet of your organization that is open to security breaches. The exact contents of a security checklist will depend on your organization’s security needs, but might include: