Fundamental Lockdown Principles


Before discussing client, server, IIS, and .NET specific security, let’s look at the fundamental policies every organization must employ to have a secure Windows environment.

  • Lock the door. Before worrying about cyberterrorists, celebrity hackers, and script kiddies, protect yourself against good old-fashioned burglars. Make sure the critical application resources such as Web servers are in a locked room. This is also good hacker protection—what use is an Internet firewall if an intruder can simply walk into your office, unplug the server, and walk out the door with it?

    For more information on physically securing computers, see the MSDN article “5-Minute Security Advisor - Basic Physical Security,” which can be found at http://www.microsoft.com/technet/columns/security/5min/5min-203.asp.

  • Windows NT. Windows comes in two flavors. The first group is the Win9x-based systems, which include Windows 95, Windows 98, and Windows ME. The second flavor is WinNT-based systems, which include Windows NT 3.51, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003. Win9x operating systems cannot be locked down. To create a secure system, you’ll need to use a WinNT-based operating system. This applies to both clients and servers for Windows applications, and Web servers for Web applications. Note: for Web applications, the client’s operating system is irrelevant.

    The reason for recommending WinNT over Win9x is that Win9x uses the FAT file system, which cannot be secured. This means if someone gets access to a Win9x machine, she can examine or change any information on the hard drive—she could even install a program that monitors the keyboard and e-mails every user name and password anyone enters to the intruder or to a random stranger. WinNT, in contrast, supports the NTFS file system (which has authorization and auditing capabilities). For more details on this and other reasons WinNT is more secure, see the article “Windows 98 Security versus NT Security” in the MSDN library at http://msdn.microsoft.com/library/en-us/dnw98bk/html/windows98securityversusntsecurity.asp.

  • Antivirus software. Every computer should be running antivirus software. The antivirus software should be enabled, and the virus signatures should be updated whenever a new signature file is published.

  • Service packs, security patches, and hot fixes. Microsoft regularly releases service packs, security patches, and hot fixes. These should be applied to every computer as soon as they are released.

  • Least privilege. Regular users should not log on as Administrator or be members of the Administrators group on their local machine or in their domain. Administrators have unlimited access, which means they can install and run viruses, delete system files, and look at other users’ private information. Instead, users should be part of the Users security group, which has permissions to use the computer, run software, and save information to the user’s private area of the computer.

  • Strong passwords. Users should be restricted to using strong passwords that regularly expire and are sufficiently complex so that they:

    • Do not contain all or part of the user’s account name

    • Are at least six characters in length

    • Contain characters from three of the following four categories: English uppercase characters (A through Z), English lowercase characters (a through z), numeric digits (0 through 9), and non-alphanumeric characters (for example, !, $, #, %).

    Windows can be configured to enforce strong passwords. For more information, see the TechNet article “5-Minute Security Advisor - Choosing a Good Password Policy,” which can be found at http://www.microsoft.com/technet/columns/security/5min/5min-302.asp.

    Strong password policy should be applied to both Windows domain accounts and individual machine Administrator and local accounts.

  • Backups. All servers and critical information should be backed up regularly. The backup integrity must be frequently tested to ensure that the system can actually be restored from a backup.

  • Maintenance. To maintain a secure state, companies must keep updating computers with the latest virus signatures, hot fixes, service packs, and security patches. It’s important to recognize that security will never be static—new threats are emerging all the time, and systems need to be continuously updated to counter the threats. A part of regular maintenance is to check system logs, looking for symptoms of security issues such as failed logins.

  • No back doors. Do not build in any back doors—shortcuts into the system that bypass security. Intruders often look for back doors first.
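
The three complexity rules listed under "Strong passwords" can be expressed as a small validator, for example in an application that creates its own accounts. This is an added example, not code from the book or from Windows; it assumes "part of the account name" means any run of three or more consecutive characters of the name, compared without regard to case, and the function names are hypothetical. Password expiry is not checked here.

```python
MIN_LENGTH = 6          # "at least six characters" (from the list above)
MIN_CATEGORIES = 3      # three of the four character categories
MIN_NAME_PART = 3       # assumption: shortest run of the name counted as "part"


def character_categories(password):
    """Return which of the four listed categories appear in the password."""
    found = set()
    for ch in password:
        if "A" <= ch <= "Z":
            found.add("upper")
        elif "a" <= ch <= "z":
            found.add("lower")
        elif "0" <= ch <= "9":
            found.add("digit")
        elif not ch.isalnum():
            found.add("symbol")
    return found


def contains_name_part(password, account_name):
    """True if any MIN_NAME_PART-character run of the name is in the password.

    The comparison ignores case. Names shorter than MIN_NAME_PART are skipped
    (assumption), otherwise a one-letter name would reject almost everything.
    """
    pw = password.casefold()
    name = account_name.casefold()
    return any(name[i:i + MIN_NAME_PART] in pw
               for i in range(len(name) - MIN_NAME_PART + 1))


def password_violations(password, account_name):
    """Return the rules the password breaks; an empty list means it passes."""
    problems = []
    if contains_name_part(password, account_name):
        problems.append("contains account name")
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(character_categories(password)) < MIN_CATEGORIES:
        problems.append("too few character categories")
    return problems


if __name__ == "__main__":
    # Constructed sample accounts and passwords, for illustration only.
    for name, pw in [("jsmith", "Blue7!sky"), ("jsmith", "JSmith2003"),
                     ("jsmith", "aB3!"), ("jsmith", "password")]:
        print(name, pw, password_violations(pw, name) or "OK")
```

Accented or other non-English letters fall into none of the four categories, matching the list's wording of "English" uppercase and lowercase characters.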




Security for Microsoft Visual Basic .NET
ISBN: 735619190
EAN: N/A
Year: 2003
Pages: 168
