This page contains a Flash digital edition of a book.
ATight Budget


Doesn’t Have to Mean L oose S ecurity


16 BY KEVIN BEAVER A


TIGHT BUDGET may be preventing you from purchasing all the


third-party security management tools you need. However, if you’re running Windows 7 in your enterprise, you’re in luck because Microsoft’s latest desktop operating system offers a plethora of free built-in security options. And when you combine these features with the complementary server-level tools in Windows Server 2008 R2 and third-party commercial products, you can do almost anything to support the security lifecycle shown below. The basic process for keeping your desktop security in check:


Find the Flaws Plug the Holes Monitor the Changes


5 Key Areas to Strengthen in Weak


Economic Times Desktop Firewall It may sound trite and repetitive,


but desktops are often found without a host-based firewall. Windows Firewall with Advanced Security allows for unbelievable granularity over inbound/outbound traffic on Windows 7 systems. It provides a central interface for


creating, managing, and monitoring rules as well as importing, exporting, and diagnosing


problems with your Windows Firewall configurations. When you combine Windows Firewall with Group Policy Objects, you can truly lock down your environment from intruders and in many cases malware.


Patch Management Is there really anything more that


needs to be said about applying patches in a timely fashion? Windows Update lets you do almost everything; however, determining how to patch third-party software on your systems can be a challenge. In this respect, you still need to run Windows Server Update Services (WSUS) with some third-party patch managers, or just third-party patch managers themselves, to ensure that all the important updates are being applied. In addition, DirectAccess can help facilitate the patch management process for remote users.


Mobile Drive Encryption While BitLocker has some


deployment and management problems, many businesses don’t rely solely on laptops for workstations. The traditional desktop is here to stay, and if you have a relatively small number of laptops in need of encryption, then BitLocker may be a good option for you. Regardless of the administrative headaches, it’s still better than no encryption.


Data Backups Windows 7’s Backup and Restore


may seem “old school,” but it can keep your users safe when a drive fails or the system is lost or stolen.


This brings up another point: Why are workstations not being backed up in the enterprise? The common justifications of, “We tell people not to store anything locally,” and “We don’t have bandwidth or storage space,” are no longer relevant, and downright dangerous. Many users, especially remote users, have lost critical files because of the assumption that everything was getting backed up.


Nondefault Features There are also several nondefault


Windows desktop features that can help with ongoing desktop security management, like Internet Information Services, Telnet, and Trivial File Transfer Protocol. In addition, Microsoft Baseline Security Analyzer 2.2 supports Windows 7 and can find basic flaws before they are exploited. This list barely scratches the


surface of what can be done, and automated, using Windows PowerShell and Sysinternals. Depending on the size of your network and your resources for managing enterprise desktops, these security management tools may or may not be viable long-term solutions. But being creative and working with what you’ve got is part of keeping an IT shop running. So if your budget is tight, or non- existent, you might as well put these things to use. At least you’ll have some semblance of control for the immediate future.


ABOUT THE AUTHOR Kevin Beaver has been an information security expert


in the industry for over two decades.


WWW.MOREDIRECT.COM


VOLUME 3 • ISSUE 1


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36