Friday, June 02, 2006

Security - Your ONLY line of defense

Let me talk a little about security: not only network security, but security overall. Antivirus, patching, and anti-spyware solutions are required in today's computer society. They should be put in place from the very start, even on a home network. A firewall, even the built-in Windows firewall, is a first step toward mitigating the risk of being compromised. However, there are several things that you can do on the workstation, server and routers to help limit the risks. So, here is my TOP 10 list of ways to protect yourself and the company.

  1. Implement security filters at the external router/firewall.
    TCP/UDP 135 (RPC)
    UDP 137, 138; TCP 139
    (This will stop over 80 percent of available tools for hacking NT systems)
    TCP/UDP 161, 162 (SNMP)
  2. Change all system account passwords to strong passwords.
  3. Enable NT security auditing on all machines:
    * Audit all failures
    * Audit successful logons
    * Audit successful security policy changes
    * Audit successful startup and shutdown of system events
    * Do not allow log overwrite
    * Save the audit logs regularly.
  4. Restrict anonymous logons
  5. Control remote access to the registry
  6. Restrict access to the scheduler service
  7. Rename the administrator account
  8. Disable unneeded services, as appropriate:
    * RAS
    * Unnecessary network protocols
    * Server
    * Alerter
    * Messenger
  9. Create a dummy administrator account with heavy auditing and a login script that activates an alarm.
  10. And…
    Configure your firewall to deal with IP spoofing and Smurf attacks.
    * Look out for that Brainy Smurf, he is a tricky one.
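
An added example for item 1, not part of the original post: a small check that walks an inbound ruleset in first-match order and reports which of the ports listed in item 1 would still be permitted from outside. The rule format (`action proto port-or-range`) and the sample ruleset are constructed for illustration and do not correspond to any particular router or firewall syntax.

```python
# Ports named in item 1 of the list, as (protocol, port) pairs.
BLOCK_LIST = [("tcp", 135), ("udp", 135), ("udp", 137), ("udp", 138),
              ("tcp", 139), ("tcp", 161), ("udp", 161), ("tcp", 162), ("udp", 162)]

# Constructed sample inbound ruleset (hypothetical format, first match wins).
SAMPLE_RULES = """
deny tcp 135
deny udp 135-139
permit tcp 1-1023
permit udp 161
deny any any
"""

def parse_rules(text):
    """Turn 'action proto port|lo-hi|any' lines into (action, proto, lo, hi)."""
    rules = []
    for line in text.strip().splitlines():
        action, proto, ports = line.split()
        if ports == "any":
            lo, hi = 1, 65535
        elif "-" in ports:
            lo, hi = (int(p) for p in ports.split("-"))
        else:
            lo = hi = int(ports)
        rules.append((action, proto, lo, hi))
    return rules

def verdict(rules, proto, port, default="deny"):
    """Return the action of the first rule matching proto/port."""
    for action, rule_proto, lo, hi in rules:
        if rule_proto in (proto, "any") and lo <= port <= hi:
            return action
    return default  # assumption: the device drops traffic no rule matches

def exposed_ports(rules, block_list=BLOCK_LIST):
    """List the item-1 ports that the ruleset still lets through."""
    return [(p, n) for p, n in block_list if verdict(rules, p, n) == "permit"]

if __name__ == "__main__":
    for proto, port in exposed_ports(parse_rules(SAMPLE_RULES)):
        print(f"still reachable from outside: {proto.upper()}/{port}")
```

On the constructed ruleset this reports TCP/139, TCP/161, UDP/161 and TCP/162: the broad `permit tcp 1-1023` and the explicit `permit udp 161` match before the final catch-all deny is ever reached.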
