Windows security: Is it weak?

By Derek Melber, Contributor 15 Dec 2005 | SearchWinIT.com

Digg This!     StumbleUpon     Del.icio.us

The level of security provided in Microsoft operating systems is joke fodder for many IT pros. Some companies have stayed away from Microsoft for security's sake. You might be wondering if your servers and desktops -- as well as your entire organization -- are secure under your current Windows installation base. This is a valid concern and one that should not be taken lightly. Here, we will look at the areas you must ensure are secured.

Is the perception a reality?

Related information: Maintaining a secure Active Directory network What's in a name? Active Directory security under the covers

I have been working with Windows since 9x and NT 4.0. When I first got involved with these operating systems, security was not as important as it is today. Back then, the intent of attacks was to just make things harder for IT professionals. I remember when service packs released to fix broken and insecure areas of Windows typically did more damage than good. When Microsoft tried to tackle security back then, it was merely a feeble attempt.

Over the past few years and operating systems, Microsoft has done a very good job of increasing the security features that are included in the operating system. However, the reality of the situation is that the default installation is not as secure as it could or should be. So, the perception is a reality! However, the perception that Microsoft operating systems are insecure is not wholly valid. There have been significant changes and features that help make a Windows computer very secure.

Where attention should be directed

Attention to your Windows servers and desktops should be given where security is an option but is not configured. Most of these settings are included in Group Policy. Therefore, you should have your IT staff do their due diligence on how to design, configure and deploy Group Policy. Microsoft has developed some Windows hardening and security guides that you can find here.

Special attention should be given to the following areas:

• Authentication protocols
• Anonymous access
• Network communication signing
• Services
• User rights
• Account policies
• Audit policies
• Administrator use and password
• Local group membership

Summary

Windows systems can be secured, but the installation does take some extra effort. Knowing that these systems are weak by default can give your IT staff the upper hand in locking them down before a disaster or breach happens. You can secure servers and desktops by using the security guides. Just remember that a Microsoft operating system is designed for ease of use first and security second. In almost all cases, these two have conflicting settings, which makes the default installation a bit weaker than desired.

Tags: VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Microsoft Active Directory Mega-deal promises to connect Windows and Linux Understanding SID filtering and Active Directory trust relationships Active Directory: The Infrastructure Master, Global Catalog and more AD configuration Active Directory: Dealing with upgrades and user logs for Windows Server 2003 AD Active Directory: The need for AD controllers Active Directory: Registry keys can remove user groups With Active Directory, interoperability is a must "Active Directory Field Guide," Chapter 4, 'Deploying Group Policy' Securing your Active Directory network Locking computers using the password protected screensaver

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary