Tip

Password policy; Windows hardening for network setup

As a small business grows, the need for a larger network grows with it. And with users sharing files and resources, security becomes of the utmost importance. Have you developed a proper password policy? How much Windows hardening have you done? Get the ins and outs on how to set up a network with security in mind with this advice from Kevin Beaver.

Question: I'm trying to figure out how to set up a network in my small company. What should I know about Windows hardening that will allow me to set up a secure network?
- Posed by a SearchWindowsSecurity.com reader.

Windows security expert Kevin Beaver offered this response:

Here are five commonly overlooked issues I see all the time after someone has set up a Windows network:

Didn't enable Windows Automatic Updates:
If Windows Automatic Updates is not enabled, then you could be running a network that is susceptible to vulnerabilities that have already been fixed by Microsoft. Learn how to optimize

Requires Free Membership to View

Windows Server Update Services (WSUS) in this tip from Brien M. Posey.

Didn't harden the system based on Microsoft's recommendations and others such as those at the Center for Internet Security website:
You can go over a series of Windows hardening tips in our expert advice section with Windows security expert Jonathan Hassell.

Didn't set up a password policy:
In our Password Security Vault, learn about password policies, password management best practices, how to crack passwords and recover lost passwords as well as harden existing passwords and more.

Did set up a ridiculously stringent password policy that's unreasonably difficult for users to work with:

Network setup extras
Controlling Windows executables

Managing information risks: Do you have IT governance?

It is not necessarily true that the more complicated your password policy, the more effective it will be. While an impossibly complex password is difficult for a hacker to break, it is illogical to expect users to remember them. And when users can't remember a password, what do they do? They write it down. Check out my tip about the fine lines between password security and complexity and usability.

Didn't set up NTFS file permissions properly, which allows anyone to access anything and create shares at will:
If you don't properly set up NTFS file permissions, you can kiss effective network security management goodbye. You need to set up these permissions for security and network authentication purposes in order to know who can and cannot access your network and what users can do once they are inside.

About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has nearly two decades of experience in IT and specializes in performing information security assessments regarding compliance and risk management. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He's also the creator of the Security On Wheels information security audio programs providing security learning for IT professionals on the go. Kevin can be reached at kbeaver@principlelogic.com.


This was first published in July 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.