See exclusive video footage of Stuart Okin of Comsec Consulting and John Craddock of XT Seminars discussing the top five enhancements to secure Windows IT at http://www.virtuallyinformed.com.
COMSEC CONSULTING AND XTSEMINARS REVEAL TOP FIVE ENHANCEMENTS TO SECURE WINDOWS IT
• Advisory paper outlines five key areas of IT security to address in Windows environment, utilising technologies existing in the workplace.
London, 16 April 2009 – Comsec Consulting, a European market leader providing information security consulting services, and XTSeminars, a world class IT training consultancy, today reveal the five key areas of security within the Microsoft Windows environment regularly overlooked by the IT profession.
Based on the Advisory Paper entitled ‘Enhancing Five Key Areas of Windows Security - Utilitising Technologies Existing in the Workplace’, launched today by Comsec Consulting and XT Seminars, the advice for enhancing security on the Microsoft platform will appeal to any organisation dedicated to securing its business, without additional spend on new technologies.
The advisory paper examines some of the frequently overlooked and underutilised technologies inbuilt on the Microsoft platform which can enhance an organisation’s security posture, including:
• Password strength
• Administrative access
• Updates Management
• Security lockdown through group policy
• Unmanaged and noncompliant clients
John Craddock, Infrastructure and Security Architect, XT Seminars says “Often, solutions are developed that are narrowly focused and do not take advantage of technologies that have already been purchased as part of an operating system licence. Worst of all, in some instances, organisations have burnt their precious IT budget purchasing additional products to perform functions which are already inbuilt. In today’s climate we cannot afford to make those kinds of mistakes.”
Stuart Okin, Managing Director, Comsec Consulting UK, says “Due to the current economic climate, business priorities are shifting and areas such as spend on security may be under pressure, when in reality the threats are on the increase. In my experience, many organisations needlessly try to seek out the best of breed security solutions, as many of the features required are already available to them. In this time of financial cutbacks and budget restraints, our advice is for these companies to ensure that the ‘free’ enhanced security functionality that is built into Windows and its associated resource tools, are not being overlooked and are actually providing the value that they are supposed to.’
The paper examines 5 key security enhancements, summarised here:
• Password strength – The problem with weak passwords is that they can be easily guessed. Even if the authentication protocol is using Kerberos it is possible to capture the Kerberos pre-authentication packet from the network and perform an offline dictionary attack. STRONG passwords are a must. But how do we get users to remember them? The solution is to forget passwords and use pass phrases, “£!My*Car Cost 10,000$$$”. Remarkably strong and you will be surprised how easy pass phrases are to remember.
• Administrative access – There is one mantra by which all administrators should abide “Never logon to a system with more privileges than needed to do the task in hand”, this is the principal of least privilege access. In some situations this is easier said than done. The paper highlights a potential risk for domain joined computers and provides a simple solution using group policy to manage “Restricted Groups”.
• Update Management – It is evident from the number of systems still being successfully attacked that updates are still not being effectively managed. The Advisory Paper looks at the use of the Microsoft Windows Server Update Services (WSUS) for managing the deployment of updates and the use of the Microsoft Baseline Security Analyser (MBSA) to check for successful deployments. The use of virtualisation and Server Core is also examined with a view to simplifying update management and security lockdown.
• Enhance security through group policy – group policy provides an often underutilised vehicle for security lockdown. Combine group policy with the GPO Accelerator and guidance from the Security Compliance Management Toolkit Series and you have a winning combination.
• Securing unmanaged and noncompliant clients – If a client not joined to our domain then it is considered to be unmanaged. It is likely that there will be a number of unmanaged systems on our network; they may belong to developers, consultants, visitors or even hacker. We need to protect our valuable corporate resources form these systems. The simplest way of achieving this is through the use of IPsec. In the paper we look at the use of IPsec to provide both domain and server isolation. Network Access Protection (NAP) was introduced with Windows Server 2008 and we examine its use for managing computers that are not compliant with our corporate network health policy.
For a copy of the Advisory Paper, entitled ‘Enhancing Five Key Areas of Windows Security, Utilising Technologies Existing in the Workplace’ please visit http://www.comsecglobal.com or http://www.xtseminars.co.uk.
To view exclusive video footage of Stuart Okin, Comsec Consulting and John Craddock, XT Seminars, discussing the five key areas of windows security to enhance, visit http://www.virtuallyinformed.com.
Comsec Consulting (TASE: CMSC), is a leading provider of Information Security and Operational Risk services to organisations worldwide. Founded 20 years ago, Comsec operates offices in the United Kingdom, Netherlands, Poland, Turkey, France, Israel and with affiliates in the far east. Comsec covers all aspects of Information Security, from strategy and architecture, planning, design, ERP security services and advanced security solutions, as well as PCI and ISO27001 compliance, to all market sectors. In addition, Comsec provides deep level application threat assessment and testing services to leading software development companies and enterprises across the globe.
Please visit http://www.comsecglobal.com.
XTSeminars Ltd provides Seminars, Workshops and IT Consultancy. XTSeminars events will provide you with an exceptional level of technical detail. All of the seminars and workshops are built on years of field experience and best practice implementations. The seminars and workshops have been created to meet the needs of today’s busy IT Professionals and decision makers. Attend one of the public events or engage XTSeminars to run an onsite Technology Decision Maker Workshop or Technical Briefing Workshop.
Please visit http://www.xtseminars.co.uk
For further information, please contact:
t. 020 8224 9933
m. 07766 257776
This press release was distributed by ResponseSource Press Release Wire on behalf of Hothouse Communications in the following categories: Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.