Sunday,Dec27,

Windows 2000 Security

I was asked recently at a car dealership and we perform a security analysis on their Windows Server 2000 machines.

This is what I do to recommend that every Windows 2000 machine if necessary.

Make sure that the Guest account is disabled. It is disabled by default.

One problem that I must be given notice when I go to companies, many accounts are still active for employees who are no longer there. They should be removed when the employee is terminated or leaves on their ownaccord. Disgruntled employees have been known to wreck havoc.

Group policies can and should be implemented and tested to ensure in a Windows 2000 environment, not to create additional accounts or accounts with weak passwords.

Password security is also important when your password is weak, will be cracked. I have been in the company where your password is your initials. This is too easy. Password implement policies and account lockouts after multiple failed login attempts. WARNING thiscan cause a denial of service attack. Create multiple admin accounts and give them different rights. A strong password policy for administrative tasks.

Open Run Net Share from the command line to see shares on your network and shut unless that determination is required.

Go into the BIOS and set a user password, and uncheck the option of the system from a floppy, USB or CD. People can so the SAM file, which is a stored password hash on your system from a Linux boot CD or other tools. ThenAttempt to crack the hash.

Change the administrator account with a different name. This is usually a cracker first attempt. Rename it to something else as root as well.

Use NTFS on all partitions, which gives you more control and security than the FAT file system.

Make sure that "everyone" permission is not allowed on your resources, directories, etc.

Have the last activated user logged off. This makes it easier for an attacker to guess passwords. There are alreadyhalfway there that have the username.

Apply appropriate Access Control Lists.

Do not forget about the people around you and either lock if you must leave your job or activate a screen saver, secure with a password. Insider threats have become reality.

You can enable EFS encryption file system, but you can also encrypt entire directories. I suggest if your really paranoid or Smart into a utility that you can select different encryption algorithms to search. I do not likeEncryption standards, which are closed. Means that we cannot see the source code. I prefer the open source easier to search for holes and attacks.

Make backup copies of all important files. This is the most important thing I learned in system administration. Backup, backup, backup to something that can not be like a CD-R will be overwritten.

To configure security policies using the Security Configuration Toolset, you can assign your job by snap-ins.

I visited the Microsoft websitein order to see what they had, I must say, there is a wealth of information.

Drive services are not needed. The more ports that are open and the more applications that are more opportunities for attack.

Restrict access to local security authority only admin.

Change log warn that such a thing. Only authorized personnel records, "all activities monitored. Abuse is in full will be prosecuted."

Take individual ports, which arenot used.

Personally, I like smart cards for two form authentication. I am recommending RSA for machines that need more security ID secure.

Enable auditing on what are the users and potential intruders on your way to this system.

Everything from login attempts to access the objects can be checked in Windows 2000.

Protect the registry from anonymous access.

Make sure that the audit logs are locked down so they can not be deleted or manipulated. Only the admin should have rights tothese files.

Install Service Packs.

Make sure that your antivirus software up to date with the latest signatures.

Run a spy ware utility.

You can also use an online vulnerability checker like Shields Up from Gibson Research.

Get automated patch software.

Remember that security is not something that can be completed. Keep up to date.

notebook hp dv machine id certifications

Labels: , Posted by tun at 5:30 AM  

Agregar a marcadores favoritos:
  • Agregar a Technorati
  • Agregar a Del.icio.us
  • Agregar a DiggIt!
  • Agregar a Yahoo!
  • Agregar a Google
  • Agregar a Meneame
  • Agregar a Furl
  • Agregar a Reddit
  • Agregar a Magnolia
  • Agregar a Blinklist
  • Agregar a Blogmarks
  • Agregar a otro servicio

Danos tu comentario

Post a Comment

Subscribe to: Post Comments (Atom)

Home |Design by Blogger