Guy’s Best Practice and Litmus Test Ezine #8 – Security Tips
This week’s newsletter features 6 security tips for Windows 2003.
Contents for Ezine #8
Since I incorporated ‘Best Practice’ into the title, people have a better idea of what to expect from my ezine. However, my mission is still to make ‘Litmus Test’ a catch phrase that you can apply not just to computing but to everyday life. Specifically, I look for instant tests that distinguish between amateurs and professionals – in any situation.
Warming to my ‘Litmus Test’ theme, I would like to apply the concept to Web Hosts. In fact, I would like to introduce a very old method of judging services: how do people react when the going gets tough and you have a problem?
Here are Guys latest Tips, Best Practices and Litmus Tests.
This week, I would like to balance those Registry Hacks of the last ezine, with some security tips for Windows 2003.
‘Effective Permissions’ is a tab that has been on administrator’s wish list for a long time. When you are checking on : ‘who can do what’, then the Effective Permissions Tab is your saviour. It makes sense to find this tab rather than log off and log on as a different user.
Just select any folder (or file); right-click and then choose Properties, Security Tab, Advanced, and finally the Effective Permission Tab. Now you are ready to play ‘what if’ games by selecting different groups and seeing what their effective permissions would be.
If there is a difficulty with Effective Permission, it is that you have to know the name of the person or group that you wish to test. My tip is just to type in the first letter, and then you do get a list.
Guy Recommends: The Free IP Address Tracker (IPAT)
Calculating IP Address ranges is a black art, which many network managers solve by creating custom Excel spreadsheets. IPAT cracks this problem of allocating IP addresses in networks in two ways:
For Mr Organized there is a nifty subnet calculator, you enter the network address and the subnet mask, then IPAT works out the usable addresses and their ranges.
For Mr Lazy IPAT discovers and then displays the IP addresses of existing computers. Download the Free IP Address Tracker
Passwords continue to be the number security weakness of most computer systems. I was at a customer site last week and although they did not have post-it notes on the screens, they had them under the keyboards! Seven years ago, when I first saw fingerprint logon attachments, I nearly gave up my day job. I was so excited by the technology that piggybacked the keyboard socket and meant you just pressed a pad instead of giving a password. Well, I am glad I did not give up my regular job but I still say swipe cards or fingerprint logons will become the norm inside 3 years.
Windows 2000 and Server 2003 are ahead of the game, if you go to the user properties, Account (tab), Account Options, if you scroll down you will see that Microsoft is ready with their ‘Smart Card is Required for Interactive Logon’ setting.
Here is a tool for SQL database administrators. What Authorization Manager does is let you set permissions for role-based database applications. In truth it’s just another notch on my MMC belt, but one day I may find a killer use for Authorization Manager.
The name of the executable is azman.msc. To launch the Authorization manager, press Windows Key + R, and type azman.msc in the box.
Anonymous user has wings clipped.
Yes that Anonymous user, the one that IIS loves, is having its wings clipped. In Windows Server 2003, did you know that the group Everyone now excludes this Anonymous user?
Use encryption to protect your files against offline attack such as if a laptop gets stolen. Unlike Windows 2000, you can now implement EFS without the need to configure a recovery agent
To Encrypt a file, simply select a suitable document (.doc .txt are best), right-click, Properties then Advanced and select the Encrypt contents to secure data checkbox.
This is useful for .NET passwords and other databases outside Windows Server 2003.
See more interesting free computer utilities
Here are my reviews of more useful computer tools. Most of these programs are free, while others are major applications, but time-limited. One common theme is that Solarwinds give you a free specialist utility, and then supply a more comprehensive suite for larger organizations. To let you into a secret; for small networks the free tool is all you’ll ever need.