• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint


Preparation involves eliminating unnecessary sources of risk before they can be attacked. You should take the following steps:

  • Invest time in planning and policies. If you want to be really diligent about security, for each of the strategies I describe in this chapter, outline how you plan to implement each one.

  • Structure your network to restrict unauthorized access. Do you really need to allow users to use their own modems to connect to the Internet? Do you want to permit access from the Internet directly in to your network, indirectly via a Virtual Private Network (VPN), or not at all? Eliminating points of access reduces risk, but also convenience. You'll have to decide where to strike the balance.

    If you're concerned about unauthorized in-house access to your computers, be sure that every user account is set up with a good password—one with letters and numbers or punctuation. Unauthorized network access is less of a problem with Simple File Sharing, as all network users are treated the same, but you must ensure that an effective firewall is in place between your LAN and the Internet. I'll show you how to use the Windows firewall later in this chapter.

    → To learn more about simple file sharing, seeSimple File Sharing,” p. 1088.

  • Install only needed services. The less network software you have installed, the less you'll have to maintain through updates, and the fewer potential openings you'll offer to attackers.

    For example, don't install SMTP or Internet Information Services unless you really need them.

    The optional “Simple TCP Services” network service provides no useful function, only archaic services that make great denial of service attack targets. Don't install it.

  • Use software known to be secure and (relatively) bug free. Use Windows's Automatic Updates feature. Update your software promptly when fixes become available. Be very wary of shareware and free software, unless you can be sure of its pedigree and safety.

  • Properly configure your computers, file systems, software, and user accounts to maintain appropriate access control. We'll discuss this in detail later in the chapter.

  • Hide from the outside world as much information about your systems as possible. Don't give hackers any assistance by revealing user account or computer names, if you can help it. For example, if you set up your own Internet domain, put as little information into DNS as you can get away with. Don't install SNMP unless you need it, and be sure to block it at your Internet firewall.



Not a subscriber?

Start A Free Trial

  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint