Windows environment Essay Example for Free

Windows purlieu EssayIf you get these 10 settings right, and youll go a long way toward making your Windows environment more secure. Each of these falls under the Computer ConfigurationWindows SettingSecurity Settings leaf. Rename the Local Administrator Account If the bad guy doesnt crawl in the name of your Administrator aim, hell lose a much harder time hacking it. Disable the Guest Account One of the worst things you can do is to change this account. It grants a fair amount of access on a Windows computer and has no password. Enough said Disable LM and NTLM v1 The LM (LAN Manager) and NTLMv1 authentication protocols have vulnerabilities. Force the use of NTLMv2 and Kerberos. By default, most Windows systems will accept all four protocols. Unless you have in reality old, unpatched systems (that is, more than 10 years old), theres rarely a reason to use the older protocols. Disable LM hash storage LM password hashes are easily convertible to their plaintext password equi valents.Dont allow Windows to line them on disk, where a hacker hash dump beast would find them. Minimum password length Your minimum password size should be 12 characters or more. Dont bellyache if you only have 8-character passwords (the most common size I see). Windows passwords arent even close to secure until they are 12 characters long and really you want 15 characters to be truly secure. Fifteen is a magic number in the Windows authentication world. Get there, and it closes all sorts of backdoors. Anything else is accepting unnecessary risk. maximum password age Most passwords should not be used longer than 90 days. But if you go to 15 characters (or longer), one year is actually acceptable. ninefold public and private studies have proven that passwords of 12 characters or longer are relatively secure against password cracking to about that length of time. typesetters case logs Enable your event logs for success and failure.As Ive covered in this column many times, the vast majority of computer crime victims might have detect the crime had they had their logs on and been looking. Disable anonymous SID enumeration SIDs (Security Identifiers) are numbers assigned to each user, group, and other security subject in Windows or Active Directory. In early OS versions, non-authenticated users couldquery these numbers to identify important users (such as Administrators) and groups, a fact hackers loved to exploit. Dont let the anonymous account reside in the everyone group Both of these settings, when set incorrectly, allow an anonymous (or null) hacker far more access on a system than should be given.These have been disabled by default since 2000, and you should make sure they stay that way. Enable User Account Control Lastly, since Windows Vista, UAC has been the No. 1 protection tool for people browsing the Web. I find that many clients turn it off due to old information about application compatibility problems. Most of those problems have at peace(p) away, and many of the remaining ones can be solved with Microsofts free application compatibility troubleshooting utility. If you disable UAC, youre far closer to Windows NT security than you are a modern operating(a) system.