6.4 Summary

In this chapter, you learned about the security vulnerabilities presented by computer software and how code signing provides assurances that the software your users install is from a particular author. As long as you trust that author, you can trust the code, since the signature guarantees that it hasn't been modified since written. You also learned how to configure Windows Server 2003 to prevent the installation of unsigned software, including unsigned device driver software. As more and more nefarious programmers seek to use software to compromise the security of business information systems, you will need to take stronger steps to protect your systems against unauthorized software. Digitally signed software and effective software restrictions provide the tools you need to protect your network.