Get a glimpse inside Roberta Bragg's latest book Hardening Windows Systems with this series of book excerpts. Below you will find the introduction and 10 quick tips to hardening Windows excerpted from Chapter 1: "An immediate call to action."
An immediate call to action
We have a big problem. We aren't doing what we need to do to secure our Windows computers. We know what we need to do; we just don't do it. This is not to say that we have all the answers. Just as there is no way to keep a determined burglar out of your house, there is no way to ever make a Windows system, or any other operating system, 100% secure. But we do have a lot of answers. We know what to do to prevent most types of attacks from being successful.
But instead of systematically hardening the operating system; instead of physically securing systems; instead of instilling a culture of security that includes everyone -- yes, I mean everyone -- in the business of security; instead of doing any of these things, we frantically patch systems and complain about insecure products. Then, when our networks are broken into and credit card data or other sensitive data is stolen, or systems damaged, we blame the problems on someone else.
Stop. Stop right now. These actions are like 14-year-old boys and girls or the extras in a grade B movie when Godzilla attacks. You're either blindly reacting, or you're paralyzed into inaction. Stop reacting, stop sitting on the fence and start acting.
Take control of information security. Moreover, note that I said information security; computers are one small part of that. You need a comprehensive plan that secures information wherever it resides: on the mainframe; in the Linux Web server; in the Active Directory; on a PDA; in or available through smart phones; and yes, in the hearts and minds of the employees, contractors, partners and customers of your organization.
We know what to do, so let's do it.
Let's change our reactive model of information security to a more proactive one. "Hardened systems are secure systems." By hardened, we mean locked down, secured and stripped of inessentials. By systems, we mean computers, networks and people. So how do you do this? Write the policy. Engage management in the discussion. Dig out the reference works that tell you how to secure whatever it is you have to secure, and get busy. If you have to, harden one computer at a time. Harden one concept at a time. Harden one person at a time. If you don't have the authority to harden something, find out what you need to do to get the authority. If you don't know what to do, find out. If you're afraid that what you do may cause something to fail, test it. If you are overwhelmed with the sheer size of the project you have set before yourself, get help.
Ultimately, you can't do it alone anyway. Security is everyone's business, and everyone must get involved. As an IT pro, though, it's up to you to start. Above all, mount your hardening, securing campaign in at least two directions: the big picture and the intimate reality of your day-to-day work. Much of the cultural change that we need to make will not come swiftly or easily. It requires planning and commitment. It requires evangelists and disciples, leaders and doers, talkers and strong, silent types. Making security as easy and as pervasive as breathing will not happen overnight. But you can effect significant changes in the security posture and actual security status of your networks right now by doing things that are under your control. What you can do will depend on your authority, but we can all do things that will have an enormous impact.
10 Windows hardening tips in 10 minutes
Here are 10 things you can do right now, right this minute, to increase security on your Windows networks.
1. Strengthen the password policy
2. Lock down remote administration
3. Lock down administrative workstations
4. Physically secure all systems
5. Keep secrets
6. Disable EFS
7. Ban wireless networks that don't meet tough security policy requirements
8. Don't allow unprotected laptops and desktops to connect to the LAN
9. Use Runas or Su
10. Disable infrared file transfer
This tip originally appeared on our sister site SearchWindowsSecurity.com.
This was first published in February 2005