LONDON, UK: Comsec Consulting, a European market leader providing information security consulting services, and XT Seminars, a leading IT training consultancy, have revealed five key areas of security within the Microsoft Windows environment that are regularly overlooked by the IT profession.
Based on the Advisory Paper entitled 'Enhancing Five Key Areas of Windows Security - Utilising Technologies Existing in the Workplace', launched by Comsec Consulting and XT Seminars, the advice for enhancing security on the Microsoft platform will appeal to any organisation dedicated to securing its business without additional spend on new technologies.
The advisory paper examines some of the frequently overlooked and underutilised technologies inbuilt on the Microsoft platform which can enhance an organisation's security posture, including:
• Password strength
• Administrative access
• Update management
• Security lock down through group policy
• Unmanaged and non-compliant clients
John Craddock, Infrastructure and Security Architect, XT Seminars, says: "Often, solutions are developed that are narrowly focused and do not take advantage of technologies that have already been purchased as part of an operating system licence. Worst of all, in some instances, organizations have burnt their precious IT budget purchasing additional products to perform functions which are already inbuilt. In today's climate we cannot afford to make those kinds of mistakes."
Stuart Okin, managing director, Comsec Consulting UK, says: "Due to the current economic climate, business priorities are shifting and areas such as spend on security may be under pressure, when in reality the threats are on the increase. In my experience, many organizations needlessly try to seek out the best-of-breed security solutions, as many of the features required are already available to them. In this time of financial cutbacks and budget restraints, our advice is for these companies to ensure that the 'free' enhanced security functionality that is built into Windows and its associated resource tools is not being overlooked and is actually providing the value that it is supposed to."
The paper examines five key security enhancements, summarised here:
• Password strength – The problem with weak passwords is that they can be easily guessed. Even if the authentication protocol is Kerberos, it is possible to capture the Kerberos pre-authentication packet from the network and perform an offline dictionary attack. STRONG passwords are a must. But how do we get users to remember them? The solution is to forget passwords and use pass phrases, such as "£!My*Car Cost 10,000$$$". These are remarkably strong, and you will be surprised how easy pass phrases are to remember.
• Administrative access – There is one mantra by which all administrators should abide: "Never log on to a system with more privileges than needed to do the task in hand". This is the principle of least privilege access. In some situations this is easier said than done. The paper highlights a potential risk for domain-joined computers and provides a simple solution using group policy to manage "Restricted Groups".
• Update management – It is evident from the number of systems still being successfully attacked that updates are still not being effectively managed. The Advisory Paper looks at the use of Microsoft Windows Server Update Services (WSUS) for managing the deployment of updates and the use of the Microsoft Baseline Security Analyzer (MBSA) to check for successful deployments. The use of virtualization and Server Core is also examined with a view to simplifying update management and security lock down.
• Enhance security through group policy – Group policy provides an often underutilised vehicle for security lock down. Combine group policy with the GPO Accelerator and guidance from the Security Compliance Management Toolkit Series and you have a winning combination.
• Securing unmanaged and non-compliant clients – If a client is not joined to our domain, it is considered to be unmanaged. It is likely that there will be a number of unmanaged systems on our network; they may belong to developers, consultants, visitors or even hackers. We need to protect our valuable corporate resources from these systems. The simplest way of achieving this is through the use of IPsec.