Password policy; Windows hardening for network setup

Are you prepared to build a new network from scratch? Windows security expert Kevin Beaver goes over a few security issues to think about when you are preparing to build a new network.

This Content Component encountered an error
As a small business grows, the need for a larger network grows with it. And with users sharing files and resources, security becomes of the utmost importance. Have you developed a proper password policy? How much Windows hardening have you done? Get the ins and outs on how to set up a network with security in mind with this advice from Kevin Beaver.

Question: I'm trying to figure out how to set up a network in my small company. What should I know about Windows hardening that will allow me to set up a secure network?
- Posed by a SearchWindowsSecurity.com reader.

Windows security expert Kevin Beaver offered this response:

Here are five commonly overlooked issues I see all the time after someone has set up a Windows network:

Didn't enable Windows Automatic Updates:
If Windows Automatic Updates is not enabled, then you could be running a network that is susceptible to vulnerabilities that have already been fixed by Microsoft. Learn how to optimize Windows Server Update Services (WSUS) in this tip from Brien M. Posey.

Didn't harden the system based on Microsoft's recommendations and others such as those at the Center for Internet Security website:
You can go over a series of Windows hardening tips in our expert advice section with Windows security expert Jonathan Hassell.

Didn't set up a password policy:
In our Password Security Vault, learn about password policies, password management best practices, how to crack passwords and recover lost passwords as well as harden existing passwords and more.

Did set up a ridiculously stringent password policy that's unreasonably difficult for users to work with:

Network setup extras
Controlling Windows executables

Managing information risks: Do you have IT governance?

It is not necessarily true that the more complicated your password policy, the more effective it will be. While an impossibly complex password is difficult for a hacker to break, it is illogical to expect users to remember them. And when users can't remember a password, what do they do? They write it down. Check out my tip about the fine lines between password security and complexity and usability.

Didn't set up NTFS file permissions properly, which allows anyone to access anything and create shares at will:
If you don't properly set up NTFS file permissions, you can kiss effective network security management goodbye. You need to set up these permissions for security and network authentication purposes in order to know who can and cannot access your network and what users can do once they are inside.

About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has nearly two decades of experience in IT and specializes in performing information security assessments regarding compliance and risk management. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He's also the creator of the Security On Wheels information security audio programs providing security learning for IT professionals on the go. Kevin can be reached at kbeaver@principlelogic.com.


This was first published in July 2007

Dig deeper on Microsoft Active Directory Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close