Checking security vulnerability

More things to look for to ensure that your security is where it should be.

 

Checking security vulnerability
Adesh Rampat

In a previous Windows Security tip, I looked at some procedures that an administrator should apply to ensure that a certain measure of security is in place. Please refer to Conduct Internal Security Reviews. In this tip I want to present a couple tips that can be of use to the network administrator as part of his/her overall security procedures.

Run Fewer Services

Running fewer services can reduce the risk of exposing the Operating System to attack.

An example would be to not have the Remote Access Server (RAS) running on a server that is not performing any Dial-in Access.

Subscribe to Security Bulletins

There are many Web sites that provide access to Windows NT/Windows 2000 security newsletters. The major one that a network administrator should subscribe to is the Microsoft security Web site. Here, up-to-date information is provided on many major security issues relating to Microsoft products. Of course it goes without saying that immediate action must be taken wherever security vulnerabilities are discovered in the operating system, and in most cases this may involve applying patches to resolve the vulnerability.

Untrained Personnel

Assigning personnel who are neither trained nor have the time to do the job of a network administrator to maintain security is by itself a security vulnerability issue. The full-time network administrator or the CIO should ensure that the back-up resource personnel is fully trained and will devote his/her time fully to performing the duties of the network administrator.

Event Viewer

Enabling Auditing through the Event Viewer and auditing events can alert the network administrator if unauthorized personnel are trying to access the network. Here are some of the logs that you can check for unauthorized activity:

  • Account log on events
  • Log on events
  • Object access
  • Policy change

Adesh Rampat has 10 years experience with network and IT administration. He is a member of the Association Of Internet Professionals, the Institute For Network Professionals, and the International Webmasters Association. He has also lectured extensively on a variety of topics.


This was first published in January 2002

Dig deeper on Microsoft Windows Data Backup and Protection

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close