The level of security provided in Microsoft operating systems is joke fodder for many IT pros. Some companies have stayed away from Microsoft for security's sake. You might be wondering if your servers and desktops -- as well as your entire organization -- are secure under your current Windows installation base. This is a valid concern and one that should not be taken lightly. Here, we will look at the areas you must ensure are secured.
Is the perception a reality?
I have been working with Windows since 9x and NT 4.0. When I first got involved with these operating systems, security was not as important as it is today. Back then, the intent of attacks was to just make things harder for IT professionals. I remember when service packs released to fix broken and insecure areas of Windows typically did more damage than good. When Microsoft tried to tackle security back then, it was merely a feeble attempt.
Over the past few years and operating systems, Microsoft has done a very good job of increasing the security features that are included in the operating system. However, the reality of the situation is that the default installation is not as secure as it could or should be. So, the perception is a reality! However, the perception that Microsoft operating systems are insecure is not wholly valid. There have been significant changes and features that help make a Windows computer very secure.
Where attention should be directed
Attention to your Windows servers and desktops should be given where security is an option but is not configured. Most of these settings are included in Group Policy. Therefore, you should have your IT staff do their due diligence on how to design, configure and deploy Group Policy. Microsoft has developed some Windows hardening and security guides that you can find here.
Special attention should be given to the following areas:
- Authentication protocols
- Anonymous access
- Network communication signing
- User rights
- Account policies
- Audit policies
- Administrator use and password
- Local group membership
Windows systems can be secured, but the installation does take some extra effort. Knowing that these systems are weak by default can give your IT staff the upper hand in locking them down before a disaster or breach happens. You can secure servers and desktops by using the security guides. Just remember that a Microsoft operating system is designed for ease of use first and security second. In almost all cases, these two have conflicting settings, which makes the default installation a bit weaker than desired.