Summary

This chapter contains over a dozen useful hints for minimizing the risk of malicious attack. It began by covering the computer security principles, which guide the specific recommendations. Guiding principles can be used to help the security administrator make the correct decision when specific guidance is not documented. Conventional defenses, such as not allowing the user to be logged in as an administrator, keeping patches up to date, using antivirus software, using anti-spam software, using anti-spyware software, hardening the TCP/IP stack, and providing physical security have always been necessary to any computer defense plan. Preventing boot up on anything other than the primary boot drive and password-protecting the BIOS configuration are not unique suggestions, but they bear repeating as they are not widely utilized.

Unconventional recommendations such as renaming highly privileged accounts, making bogus accounts, and installing services on non-default ports are great security-by-obscurity techniques. Often disdained by many security experts, these tips can significantly reduce the chance of a successful attack. Chapter 3 covers Windows NTFS permissions in more practical detail than you've ever read.