The Network Security. Org

In depth security has become a requirement for every company. Your network boundaries, firewalls, VPNs, mobile computers, desktops, servers, domain controllers, etc., all need to be considered when you are designing for a secure environment. It is important to know what you get out of the box, as well as what options you have at your disposal to secure these environments. When you consider a new installation of a Windows server, 2000 or Server 2003, you might not be getting the security settings that you anticipate. Both of these operating systems’ security will not be configured to meet your expectations or company security requirements.

There are many reasons for the security of these servers to be set for weaker security. First, with so many other operating systems that might need to communicate with them, they need to be set for the “lowest common denominator” of security to ensure compatibility. The security options that come with Windows Server 2003 are not available on your Windows NT 4.0 Workstations, for example. Second, the servers might be running applications or services that can’t run with the heightened security. Your financial servers might be running a third-party accounting application that can’t handle encrypted network communication, for example. Third, it is my opinion that many network administrators and companies have been trained to use servers in this state and any form of heightened security at initial installation could render the server useless. I have seen more than my fair share of network administrators become confused when some computers have elevated security settings established, which stops communications with older operating systems. Hardening Servers with Security Templates

From around the Web

• Windows Vista Service Pack 2 Latest Release Schedule
• Vista SP2: What is inside?
• NetWitness releases free version of security software
• Three Reasons Why Users Won’t Buy Into Security
• Automated security testing & its limitations
• Google Wants to Preinstall Chrome Browser on PCs
• Mozilla warns of Firefox China add on
• Firefox No Longer an Automatic Defense Against Browser Drive Bys
• Google patches Chrome file stealing bug
• Apple plays catch up, adds anti fraud safeguard to Safari
• Researchers find vulnerability in Windows Vista
• How to Use Network Behavior Analysis Tools
• The insider security threat in IT and financial services
• Windows 7 security: An overall improvement?
• Windows 7 UAC could be less of a nag