Here is the fourth part of a sample security policy for end users, submitted by searchSecurity member Nap van Zuuren.
XIII. Additional Policy & (basic) Procedures on Security Issues
As a (highly necessary) precaution, you should keep your system well protected.
Keeping your Windows 2000 updated:
Your Windows 2000 should have Service Packs 1 and 2 installed.
- Check Version via Help -> About ->
- It should indicate: Version 5.0 (Build 2195: Service Pack 2)
When connected to the Internet:
In your Programs List activate "Windows Update"
- Click "Show Installed Updates"
You will be guided on the necessary Updates; many of these Updates are security related, so take your time for them.
Install "Windows Critical Update Notification"
- If a "flag" is shown in your taskbar, you should act on the required install of a Critical Update.
When asked: Install "Microsoft Windows Update Active Setup"
Windows Update also provides the Updates for Internet Explorer. Do NOT change any of the installed security settings!
Keeping your Microsoft Office programs updated:
When you have selected "Windows Update," being at windowsupdate.microsoft.com and selected "Product Updates," you also
- You will have the possibility to download and install the "Microsoft Office Product Updates Detection Engine."
You will be guided on the necessary Updates; many of these Updates are security related, so take your time with them.
"Windows Update" also provides the updates for Internet Explorer 5.50.
- (last Critical Update: Service Pack 1 of May 24, 2001; Version now 5.50.4522.1800)
"Microsoft Office Update" also provides the Updates for Outlook, apart from the "Office" products.
Note: For these Updates you might need the CD from which the Office 2000 files were installed on your system. You will have to contact your Network- or Sys-Admin in that case.
If it is impossible for you to get hold of the required CD, the same Service Packs (SPs) and Service/Security Releases (SRs) can be found via www.microsoft.com/security
Virus protection
It is the end user's responsibility to keep the antivirus software updated.
Password Requirements
As proper password usage is the most efficient way to prevent unauthorized access, the System Administration has set rules for passwords. If you use the wrong combination(s) of Login-ID and related Password, your system will be locked out after five access attempts, and intervention of the SysAdmin is required to get you online again.
For the choice of password the following requirements have to be met:
- Minimum length seven characters
- Minimum two of those characters have to be 'special' characters, so non-alphabetical and/or non-numerical
This sample policy is continued in Part Five.
This was first published in December 2001