Best Practices
Windows Machine Compromises
Problems
-
Administrator accounts (default admin-level accounts such as administrator, root, admin, sqlagent, wwwadmin, etc.) having no passwords or weak passwords
-
Unsecured file shares, for example shares whose ACL grants access to the Everyone group, so anyone who can reach the machine over the network can read (and often write) the share
-
Not keeping systems updated with security patches and/or current anti-virus software
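The three problems above are easy to check for on a single host. The following audit script is an added example, not part of the original page or of any campus tool; it assumes Windows 8/Server 2012 or later with PowerShell 5.1 (Get-LocalUser, Get-SmbShare, Get-HotFix and the Microsoft Defender cmdlets), run from an elevated prompt. The account names in $DefaultAdmins are the ones listed above; the 365-day and 30-day thresholds are assumptions to adjust to local policy.

```powershell
# Added host audit for the three problem classes above (not from the original page).
# Assumes Windows 8 / Server 2012+ with PowerShell 5.1, run elevated.
#Requires -RunAsAdministrator

$DefaultAdmins = @('administrator', 'root', 'admin', 'sqlagent', 'wwwadmin')   # names from the page
$findings      = New-Object System.Collections.Generic.List[string]

# 1. Admin-level accounts with no password required, or a password not changed in a year.
#    SIDs of local Administrators members, collected once rather than per account.
$adminSids = @(Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
               ForEach-Object { $_.SID.Value })
foreach ($u in Get-LocalUser | Where-Object Enabled) {
    $isAdmin = ($DefaultAdmins -contains $u.Name.ToLower()) -or ($adminSids -contains $u.SID.Value)
    if (-not $u.PasswordRequired) {
        $findings.Add("Account '$($u.Name)' is enabled with no password required")
    }
    # PasswordLastSet is null when the password has never been set.
    if ($isAdmin -and (-not $u.PasswordLastSet -or $u.PasswordLastSet -lt (Get-Date).AddDays(-365))) {
        $findings.Add("Admin account '$($u.Name)' password last set: $($u.PasswordLastSet)")
    }
}

# 2. Non-administrative shares whose ACL allows Everyone or similarly broad groups.
#    Special = $true marks the built-in admin shares (C$, ADMIN$, IPC$), which are skipped.
$broadGroups = @('Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users')
foreach ($share in Get-SmbShare | Where-Object { -not $_.Special }) {
    Get-SmbShareAccess -Name $share.Name |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $broadGroups -contains $_.AccountName } |
        ForEach-Object {
            $findings.Add("Share '$($share.Name)' ($($share.Path)) grants $($_.AccessRight) to $($_.AccountName)")
        }
}

# 3. Patch age and anti-virus state (Defender only; other products need their own query).
$lastPatch = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $lastPatch -or $lastPatch.InstalledOn -lt (Get-Date).AddDays(-30)) {
    $findings.Add("No update installed in the last 30 days (latest: $($lastPatch.InstalledOn))")
}
$av = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($av) {
    if (-not $av.RealTimeProtectionEnabled) { $findings.Add('Real-time anti-virus protection is disabled') }
    if ($av.AntivirusSignatureAge -gt 1)     { $findings.Add("Anti-virus signatures are $($av.AntivirusSignatureAge) days old") }
} else {
    $findings.Add('Microsoft Defender status unavailable; check the installed anti-virus product manually')
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | ForEach-Object { "FINDING: $_" } }
```

Run it on a freshly built machine before putting it on the network, and again after any change to sharing. A share that legitimately needs Everyone read access should show up here and be documented; anything else in the output is a finding to fix before the next scan does it for you.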
Solutions & Resources
-
Use the scanning service to have systems scanned for security vulnerabilities (the idea being to find the problems before the bad guys do, and get them fixed). See http://cio.uiowa.edu/ITsecurity/Scan/networkscan-form.shtml You can also send a note to it-security@uiowa.edu with a list of IP addresses to be scanned and we'll arrange to have them done in a batch.
-
SANS Step by Step Securing Windows 2000 and Securing NT documents at http://cio.uiowa.edu/ITsecurity/resources/ are freely available to the campus.
-
Center for Internet Security (CIS) Benchmark documents are available at http://www.cisecurity.org They give recommended baseline security settings for Windows and other operating systems. They also have sample security templates for Windows machines.
-
Windows 2000 and XP both provide built-in facilities for restricting the network traffic that reaches your machine. In XP it's called the Internet Connection Firewall, which drops unsolicited inbound connections. In 2000 the TCP/IP Filtering option is "buried" under Networking/TCP/IP/Properties/Advanced/Options/TCP/IP Filtering; it limits which TCP ports, UDP ports and IP protocols the machine will accept rather than filtering by address. An alternative is to install a personal firewall on the machine.
-
The SANS Top 20 Vulnerabilities list has some very basic precautions that should be followed, too. See http://www.sans.org/top20.htm for their consensus document.
-
Make sure the workstation anti-virus software is kept updated daily. I recommend using the Symantec site-licensed software; it is preconfigured for daily updates directly from Symantec. See the ITS Help Desk Virus Page for more information. http://helpdesk.its.uiowa.edu/virus/
-
Use the Windows Update function regularly, and consider turning on the Automatic Update program so you are alerted when updates are available.
-
CERT’s Windows configuration guidelines are a good discussion of concepts, although the location/directions are geared towards NT. http://www.cert.org/tech_tips/win_configuration_guidelines.html
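The firewall item above describes the XP/2000-era controls. On current Windows the same outcome (firewall on, unsolicited inbound dropped, hostile addresses blocked, file sharing reachable only from trusted networks) is set from PowerShell. The script below is an added example, not part of the original page; it assumes Windows 8/Server 2012 or later, where the NetSecurity module provides these cmdlets, and must run elevated. The address ranges 203.0.113.0/24 and 192.0.2.0/24 are documentation placeholders standing in for an attacker range and the campus subnet.

```powershell
# Added host firewall configuration (not from the original page).
# Assumes Windows 8 / Server 2012+ (NetSecurity module), run elevated.
#Requires -RunAsAdministrator

$hostileRange = '203.0.113.0/24'   # placeholder for an address range you want blocked
$campusRange  = '192.0.2.0/24'     # placeholder for the local network allowed to use file sharing

# 1. Firewall on for every profile, default-deny inbound, allow outbound.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# 2. Block the hostile range outright in both directions. Block rules win over
#    allow rules in Windows Firewall, so this holds even if a broader allow exists.
foreach ($dir in 'Inbound', 'Outbound') {
    New-NetFirewallRule -DisplayName "Block $hostileRange ($dir)" -Direction $dir `
        -RemoteAddress $hostileRange -Action Block -Profile Any -Enabled True | Out-Null
}

# 3. Scope the built-in File and Printer Sharing rules (SMB on TCP 445 among them)
#    to the campus range instead of letting any remote address reach the shares.
Set-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -RemoteAddress $campusRange

# 4. Verify.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
Get-NetFirewallRule -DisplayName "Block $hostileRange*" | Format-Table DisplayName, Direction, Action
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' | Get-NetFirewallAddressFilter |
    Select-Object -Unique RemoteAddress
```

On a domain-joined machine, Group Policy firewall settings override whatever you set locally, so check the effective policy (Get-NetFirewallProfile -PolicyStore ActiveStore) rather than trusting the local edit. Test the share rule from a machine outside $campusRange before relying on it.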