Friday, April 12, 2019
Windows environment Essay Example for Free
Windows environment EssayIf you get these 10 settings right, and youll go a long way toward making your Windows environment a good deal safe. Each of these falls under the Computer ConfigurationWindows SettingSecurity Settings leaf. Rename the Local administrator Account If the bad guy doesnt know the name of your Administrator account, hell do a much harder time hacking it. hamper the Guest Account One of the worst things you can do is to enable this account. It grants a fair amount of access on a Windows electronic computer and has no rallying cry. Enough said Disable LM and NTLM v1 The LM (LAN Manager) and NTLMv1 authentication protocols have vulnerabilities. Force the use of NTLMv2 and Kerberos. By default, most Windows systems will charter all four protocols. Unless you have really old, unpatched systems (that is, more than 10 years old), theres rarely a designer to use the older protocols. Disable LM hash storage LM password hashes are comfortably convertible t o their plaintext password equivalents.Dont offer Windows to store them on disk, where a hacker hash dump scape would find them. Minimum password length Your minimum password size should be 12 characters or more. Dont bellyache if you only have 8-character passwords (the most common size I see). Windows passwords arent even close to secure until they are 12 characters long and really you want 15 characters to be truly secure. Fifteen is a magic number in the Windows authentication world. Get there, and it closes all sorts of backdoors. Anything else is accepting unnecessary risk. Maximum password age Most passwords should not be used longer than 90 days. But if you go to 15 characters (or longer), one year is actually acceptable. Multiple public and private studies have proven that passwords of 12 characters or longer are relatively secure against password cracking to about that length of time. Event logs change your event logs for success and failure.As Ive covered in this colu mn some times, the vast majority of computer crime victims might have noticed the crime had they had their logs on and been looking. Disable anonymous SID enumeration cot death (Security Identifiers) are numbers assigned to each user, group, and other certificate subject in Windows or energetic Directory. In early OS versions, non-authenticated users couldquery these numbers to identify important users (such as Administrators) and groups, a circumstance hackers loved to exploit. Dont let the anonymous account reside in the everyone group Both of these settings, when set incorrectly, allow an anonymous (or null) hacker far more access on a system than should be given.These have been disabled by default since 2000, and you should make sure they stay that way. Enable User Account get a line Lastly, since Windows Vista, UAC has been the No. 1 protection tool for people browsing the Web. I find that many clients snatch it off due to old information about application compatibility pro blems. Most of those problems have gone away, and many of the remaining ones can be solved with Microsofts free application compatibility troubleshooting utility. If you disable UAC, youre far closer to Windows NT security than you are a modern operating system.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.