People are spending a large amount of time and money on securing their networks. But without taking a few simple, inexpensive actions, all of that time and money could be wasted. There are four steps you need to take before even thinking about spending more money on firewalls, filtering routers, secure card access systems or biometric devices (e.g., retinal scanners).
1. Physically secure your servers. Keep them behind locked doors. If unauthorized personnel have physical access to your server, they can introduce hacker software, reboot it with an alternate operating system, or steal the server or its disks. Any of these puts your system and data at risk.
2. Physically secure your emergency boot disks and backup media. Use an off-site secured facility, a locked fireproof safe or some other hard-to-access storage location.
3. Disable LAN Manager (LM) authentication. This backward-compatibility option is enabled by default for old client software, but it makes passwords easily readable by network sniffers and password crackers.
4. Enforce the use of strong passwords on the network. NT comes with the tools you need to do this. Consult Microsoft's HOWTO: Password Change Filtering & Notification in Windows NT for information on enabling this protection. To be even more secure, implement the SYSKEY security enhancement that shipped with Service Pack 3. SYSKEY adds an additional 128-bit encryption layer to the password database. Details are available in Windows NT System Key Permits Strong Encryption of the SAM.
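Steps 3 and 4 leave a footprint in the registry and in the local security policy, so they can be audited rather than taken on trust. The script below is an added example, not part of the original article, and it assumes a Windows host descended from the NT code base with Windows PowerShell 5 or later and a local administrator session (secedit refuses to export policy otherwise). LmCompatibilityLevel, NoLMHash and the secedit INF keys are documented Microsoft names; the SecureBoot value used to read the SYSKEY mode is my recollection of Microsoft's SYSKEY article and should be treated as an assumption.

```powershell
# Added example (not from the article): audit the LM-authentication and
# password-strength settings called for in steps 3 and 4 above.
# Assumes: PowerShell 5+, run as a local administrator.

function Get-NtBaselineFindings {
    $lsaPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $lsa     = Get-ItemProperty -Path $lsaPath
    $findings = New-Object System.Collections.Generic.List[string]

    # Step 3: LM authentication.
    # LmCompatibilityLevel 3 or higher sends only NTLMv2 responses;
    # NoLMHash = 1 stops the weak LM hash from being stored in the SAM.
    $lmLevel = $lsa.LmCompatibilityLevel
    if ($null -eq $lmLevel -or [int]$lmLevel -lt 3) {
        $findings.Add("LmCompatibilityLevel is '$lmLevel' (want 3 or higher): LM responses can still be sent on the wire")
    }
    if ($lsa.NoLMHash -ne 1) {
        $findings.Add("NoLMHash is not 1: LM hashes are still written to the SAM and are trivial to crack")
    }

    # Step 4 (SYSKEY): SecureBoot mode 1 = key stored on the machine,
    # 2 = startup password, 3 = key on removable media. Absent means
    # the password database is not SYSKEY-protected.
    # (SecureBoot value name is an assumption; see lead-in.)
    $sysKeyMode = $lsa.SecureBoot
    if ($null -eq $sysKeyMode) {
        $findings.Add('SYSKEY does not appear to be enabled (no SecureBoot value under Lsa)')
    }

    # Step 4 (password strength): export the local security policy and read
    # the [System Access] settings that the password filter enforces.
    $inf = Join-Path $env:TEMP ('nt-baseline-{0}.inf' -f [guid]::NewGuid())
    $policy = @{}
    try {
        & secedit.exe /export /cfg $inf /quiet | Out-Null
        foreach ($line in Get-Content -Path $inf) {
            # Lines look like:  MinimumPasswordLength = 7
            if ($line -match '^\s*(\w+)\s*=\s*(.*?)\s*$') {
                $policy[$Matches[1]] = $Matches[2]
            }
        }
    }
    finally {
        Remove-Item -Path $inf -ErrorAction SilentlyContinue
    }

    if (-not $policy.ContainsKey('MinimumPasswordLength') -or [int]$policy['MinimumPasswordLength'] -lt 8) {
        $findings.Add("MinimumPasswordLength is '$($policy['MinimumPasswordLength'])' (want 8 or more)")
    }
    if ($policy['PasswordComplexity'] -ne '1') {
        $findings.Add('PasswordComplexity is not enabled: the password filter is not enforcing strong passwords')
    }

    # Return a structured result so it can be logged or compared across hosts.
    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        LmCompatibilityLevel = $lmLevel
        NoLMHash             = $lsa.NoLMHash
        SysKeyMode           = $sysKeyMode
        MinPasswordLength    = $policy['MinimumPasswordLength']
        PasswordComplexity   = $policy['PasswordComplexity']
        Findings             = $findings.ToArray()
    }
}

# Usage: print the findings, one per line; an empty list means all four
# checked settings are at or above the baseline described in the article.
$result = Get-NtBaselineFindings
$result | Format-List
$result.Findings | ForEach-Object { Write-Warning $_ }
```

Run it on each server before buying anything else; a host that reports no findings has the cheap fixes in place, and the Findings array is what you would feed into a fleet-wide report.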
RELATED LINKS
Association of Windows NT Systems Professionals
Listing of known NT security exploits
Anatomy of a friendly hack
How to assess your enterprise security, correct vulnerabilities and thwart attacks. Network World, 2/2/98.
Defensive tactics can help users keep Web server hackers at bay
Author's checklist gives security professionals a fighting chance. Network World, 1/12/98.