Best Practices

  • Define baseline security settings in security templates.

    By defining baseline security settings in security templates, you ensure that the required security settings can be reproduced on additional computers. Security templates also document the required security settings.

  • Implement separate security templates for each computer configuration deployed on your network.

    For example, a Microsoft SQL Server security template will contain security settings specific to instances of SQL Server deployed on the network.

  • Use GPOs to ensure consistent application of security templates.

    By importing the security template settings into a GPO, you ensure that the security settings are consistently applied to the target computers and you prevent modification of the settings in the local security policy of a target computer.

  • Review security configuration of computers.

    Periodically, you should use tools such as the Security Configuration and Analysis console or the Secedit.exe utility to ensure that the security settings defined at a target computer do not differ from the security template defined for that computer configuration.

  • Perform regular security assessments of the computers on your network.

    Security assessments identify common security misconfigurations and security patches or updates that must be applied to the target computer. You can choose from Microsoft-specific tools such as the MBSA tool or third-party tools such as the eEye Retina Network Security Scanner and the ISS Internet Scanner.

  • Identify all open ports on computers exposed to the Internet.

    An attacker will typically scan an Internet-exposed computer to identify which ports are open and exposed to the Internet. By performing port scans from both the Internet and the local computer, you can ensure that only desired ports are exposed to the Internet. For example, a Web server should expose only TCP port 80 and TCP port 443 to the Internet. All other ports should not be accessible to the Internet.
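
The periodic review of security configuration recommended above amounts to comparing a baseline security template with the settings in effect on the target computer, for example a policy exported with `secedit /export /cfg`. The following added example is not from the book; the template contents, SID values and function names are constructed for illustration.

```python
# Added example: diff a baseline security template against an exported policy.
# Constructed samples; a real secedit export is typically UTF-16, decode first.
BASELINE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
LockoutBadCount = 5
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544
"""
EXPORTED_INF = """\
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 1
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-545,*S-1-5-32-544
"""
IGNORED_SECTIONS = {"unicode", "version"}   # file metadata, not settings
LIST_SECTIONS = {"privilege rights"}        # values are unordered SID lists

def parse_template(text):
    """Return {(section, key): value} for every setting in an INF template."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section and section not in IGNORED_SECTIONS and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section in LIST_SECTIONS:   # order of SIDs is not significant
                value = frozenset(v.strip().lower() for v in value.split(","))
            settings[(section, key.lower())] = value
    return settings

def find_drift(baseline_text, actual_text):
    """List baseline settings that are missing or different on the target."""
    baseline, actual = parse_template(baseline_text), parse_template(actual_text)
    drift = []
    for section, key in sorted(baseline):
        if (section, key) not in actual:
            drift.append((section, key, "missing"))
        elif actual[(section, key)] != baseline[(section, key)]:
            drift.append((section, key, "mismatch"))
    return drift
```

Calling `find_drift(BASELINE_INF, EXPORTED_INF)` reports the weakened password length, the absent lockout threshold and the extra group holding `SeDebugPrivilege`, while the unchanged complexity setting is not reported.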



Microsoft Windows Security Resource Kit
ISBN: 0735621748
EAN: 2147483647
Year: 2003
Pages: 189
