Windows server security is main concern because server is the heart of a small business. So its better to provide good server security. So we have to review in short span of time all server security.
Check password policy set in the Windows Operating System i.e. password is required, no expiration, minimum password length. Weak or IDs without passwords are an open invitation for intruder to hack into your computer systems.
Step 1 How to extract IDs and Security Policies From the Windows Server.
a) I use a neat free tool called Somarsoft ACL.
b) Install the tool and Run DumpSec program.
c) Extract the permissions of user, group, file system, registry, password policy and other information you find useful.
Step 2 Cross check the IDs with the Administrator
a) Once you have extracted these information, cross check with the administrator if all the IDs and password policy extracted from the tool are valid and necessary.
b) Delete or disable the unnecessary IDs and enforce the stronger password policy.
c) Further ensure that only IDs that are absolutely required are active and enforce a strong password policy using Windows Active Directory. e.g. complex alphanumeric password, 180 days password expiration. As for PC make sure the administrator password is changed and only known by yourself/office administrator.
d) Everyone else should use basic IDs.
e) Activate password for the screen saver to lock the PC screen when there is no activity for say 10 minutes.
f) Educate all users on the importance of computer security.
g) One of the reminders I usually highlight is do not share passwords and do not stick the password in front of the computer monitor for all to view.
Source: Ezine
No comments:
Post a Comment