Checking security vulnerability
In a previous Windows Security tip, I looked at some procedures that an administrator should apply to ensure that a certain measure of security is in place. Please refer to Conduct Internal Security Reviews.
Run Fewer Services
Running fewer services reduces the risk of exposing the operating system to attack.
For example, do not run the Remote Access Server (RAS) on a server that does not provide any dial-in access.
Subscribe to Security Bulletins
There are many Web sites that provide access to Windows NT/Windows 2000 security newsletters. The major one that a network administrator should subscribe to is the Microsoft security Web site. Here, up-to-date information is provided on many major security issues relating to Microsoft products. Of course it goes without saying that immediate action must be taken wherever security vulnerabilities are discovered in the operating system, and in most cases this may involve applying patches to resolve the vulnerability.
Assigning security maintenance to personnel who have neither the training nor the time to do the job of a network administrator is in itself a security vulnerability. The full-time network administrator or the CIO should ensure that the backup person is fully trained and will devote his or her time fully to performing the duties of the network administrator.
Enabling auditing through the Event Viewer and reviewing the audited events can alert the network administrator if unauthorized personnel are trying to access the network. Here are some of the logs that you can check for unauthorized activity:
- Account logon events
- Logon events
- Object access
- Policy change
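The following PowerShell check is an added example, not part of the original tip. It reports which subcategories of the four audit areas above have auditing switched off, then summarizes the last 24 hours of matching Security-log events. It assumes a current English-locale Windows host (Vista/Server 2008 or later, where auditpol.exe is built in and the 4xxx event IDs apply, not the NT/2000 systems the tip was written for) and an elevated prompt; the one event ID chosen per area is a representative pick, not a complete list.

```powershell
# Added example. Assumptions: English category names, elevated session,
# Windows Vista/Server 2008 or later event IDs.

# The article's four audit areas, the matching auditpol category, and one
# representative Security-log event ID for each (chosen for illustration).
$areas = @(
    [pscustomobject]@{ Area = 'Account logon events'; Category = 'Account Logon'; EventId = 4776 }
    [pscustomobject]@{ Area = 'Logon events';         Category = 'Logon/Logoff';  EventId = 4625 }
    [pscustomobject]@{ Area = 'Object access';        Category = 'Object Access'; EventId = 4663 }
    [pscustomobject]@{ Area = 'Policy change';        Category = 'Policy Change'; EventId = 4719 }
)

# 1. Is auditing actually enabled? auditpol /r emits CSV, one row per subcategory.
$policy = foreach ($a in $areas) {
    auditpol.exe /get "/category:$($a.Category)" /r |
        Where-Object { $_ } |                      # drop blank lines before parsing
        ConvertFrom-Csv |
        Select-Object @{ n = 'Area'; e = { $a.Area } }, Subcategory, 'Inclusion Setting'
}
'Subcategories with auditing disabled:'
$policy | Where-Object 'Inclusion Setting' -eq 'No Auditing' | Format-Table -AutoSize

# 2. What did the enabled audits record in the last 24 hours?
$auditFailure = 0x10000000000000                   # "Audit Failure" keyword bit
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = $areas.EventId
    StartTime = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue                    # no matches raises an error otherwise

$summary = foreach ($a in $areas) {
    $hits = @($events | Where-Object Id -eq $a.EventId)
    [pscustomobject]@{
        Area     = $a.Area
        EventId  = $a.EventId
        Total    = $hits.Count
        Failures = @($hits | Where-Object { $_.Keywords -band $auditFailure }).Count
        Latest   = ($hits | Select-Object -First 1).TimeCreated   # newest event comes first
    }
}
$summary | Format-Table -AutoSize
```

An area that shows "No Auditing" in the first table will always show zero events in the second, so read the two tables together before concluding that nothing happened.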
Adesh Rampat has 10 years' experience with network and IT administration. He is a member of the Association Of Internet Professionals, the Institute For Network Professionals, and the International Webmasters Association. He has also lectured extensively on a variety of topics.
This was first published in January 2002