Preparation involves eliminating unnecessary sources of risk before they can be attacked. You should take the following steps:
TIP The most important program to keep up-to-date is Windows XP itself. I suggest that you keep up-to-date on Windows XP bugs and fixes through the Automatic Updates feature and through independent watchdogs. Configure Windows to notify you of critical updates. Subscribe to the security bulletin mailing lists at www.microsoft.com/security, www.ntbugtraq.com, and www.sans.org. If you use Internet Information Services to host a Web site, pay particular attention to announcements regarding Internet Explorer and IIS. Internet Explorer and IIS together account for the lion's share of Windows security problems. Security is partly a technical issue and partly a matter of organizational policy. No matter how you've configured your computers and network, one user with a modem and a lack of responsibility can open a door into the best-protected network. You should decide which security-related issues you want to leave to your users' discretion, and which you want to mandate as a matter of policy. On a Windows 200x domain network, the operating system enforces some of these points, but if you don't have a domain server, you might need to rely on communication and trust alone. The following are some issues to ponder:
Make public your management and personnel policies regarding network security and appropriate use of computer resources. If your own users don't respect the integrity of your network, you don't stand a chance against the outside world. A crucial part of any effective security strategy is making up the rules in advance and ensuring that everyone knows. |