Guy's Best Practice and Litmus Test Ezine #8
- Security
TipsThis week's newsletter features 6 security tips for Windows 2003.
Contents for Ezine #8
Since I incorporated 'Best Practice' into the title, people have a
better idea of what to expect from my ezine. However, my mission is still to
make 'Litmus Test' a catch phrase that you can apply not just to computing but
to everyday life. Specifically, I look for instant tests that distinguish
between amateurs and professionals - in any situation.
Warming to my 'Litmus Test' theme, I would like to apply the concept to Web
Hosts. In fact, I would like to introduce a very old method of judging services:
how do people react when the going gets tough and you have a problem?
Here are Guys latest Tips, Best Practices and Litmus Tests.This week, I would like to balance those Registry Hacks of the last ezine,
with some security tips for Windows 2003.
'Effective Permissions' is a tab that has been on administrator's wish list
for a long time. When you are checking on : 'who can do what', then the
Effective Permissions Tab is your saviour. It makes sense to find this tab
rather than log off and log on as a different user.
Just select any folder (or file); right-click and then choose Properties,
Security Tab, Advanced, and finally the Effective Permission Tab. Now you are
ready to play 'what if' games by selecting different groups and seeing what
their effective permissions would be.
If there is a difficulty with Effective Permission, it is that you have to know
the name of the person or group that you wish to test. My tip is just to type in
the first letter, and then you do get a list.
Calculating IP Address
ranges is a black art, which many network managers solve by creating custom
Excel spreadsheets. IPAT cracks this problem of allocating IP addresses
in networks in two ways:
For Mr Organized there is a nifty subnet
calculator, you enter the network address and the subnet mask, then IPAT
works out the usable addresses and their ranges.
For Mr Lazy IPAT
discovers and then displays the IP addresses of existing computers.
Download the Free IP Address Tracker
Passwords continue to be the number security weakness of most computer
systems. I was at a customer site last week and although they did not have
post-it notes on the screens, they had them under the keyboards! Seven years
ago, when I first saw fingerprint logon attachments, I nearly gave up my day
job. I was so excited by the technology that piggybacked the keyboard socket and
meant you just pressed a pad instead of giving a password. Well, I am glad I did
not give up my regular job but I still say swipe cards or fingerprint logons
will become the norm inside 3 years.
Windows 2000 and Server 2003 are ahead of the game, if you go to the user
properties, Account (tab), Account Options, if you scroll down you will see that
Microsoft is ready with their 'Smart Card is Required for Interactive Logon'
setting.
Here is a tool for SQL database administrators. What Authorization Manager
does is let you set permissions for role-based database applications. In truth
it's just another notch on my MMC belt, but one day I may find a killer use for
Authorization Manager.
The name of the executable is azman.msc. To launch the Authorization manager,
press Windows Key + R, and type azman.msc in the box.
Anonymous user has wings clipped.
Yes that Anonymous user, the one that IIS loves, is having its wings clipped.
In Windows Server 2003, did you know that the group Everyone now excludes this
Anonymous user?
Use encryption to protect your files against offline attack such as if a
laptop gets stolen. Unlike Windows 2000, you can now implement EFS without the
need to configure a recovery agent
To Encrypt a file, simply select a suitable document (.doc .txt are best), right-click, Properties then Advanced and select the Encrypt contents to secure data
checkbox.
This is useful for .NET passwords and other databases outside Windows Server
2003.
To see what Stored User Names and Passwords you have collected, click Start,
navigate to the Control Panel, and then double-click Stored User Names and
Passwords. While I do not have a great deal of use for this utility, I do like
to explore all the menus and applets just to see what may be needed one day.
See more on Security - Whole Section here
See more interesting free computer utilities
Here are my reviews of more useful computer tools. Most of these programs are free, while others
are major applications, but time-limited. One common theme is that
Solarwinds give you a free specialist utility, and then
supply a more comprehensive suite for larger organizations. To let you
into a secret; for small networks the free tool is all you'll ever need.
• E 202 Permissions Monitor •
E 190 Network Device Monitor •
E 181 Config Generator
• E 166 IPAM •
E 161 OB IT •
E 159 Kiwi Syslog Review •
E 156 Windows Network Monitor
• Real Time
Netflow Analyzer •
Syslog Utility • Ezines
Home • Ezines
Home
|
