Tip

Windows security strategy

Unless managing a few Windows boxes is your full-time job, if you want to have any hope of keeping them secure, you have to have a well-reasoned strategic approach. The most important input to this strategy is an understanding of attack vectors and how they change.

Back in the early days of Windows 3.1, before Windows for Workgroups 3.11, and long before Windows NT, or 2000 or XP or 2003, the most common attack vector by far was from a virus hiding in the boot sector of a floppy disk. I think it's been about 7 years since I've seen a computer infected by a boot sector virus. In the past few years, we've seen several other attack vectors come and go, such as hostile macros in Word and Excel.

Today, the most common attack vectors for Windows machines are

  • e-mail worms that rely on users to click an executable
  • attacks that exploit bugs in services via TCP or UDP ports
  • Web pages that install spyware, adware and occasionally much worse
  • and the perennial favorite, "social engineering"

It's pretty obvious to most security professionals, that to develop a strategy, you need to know how your Windows systems are used, so you can implement the appropriate controls, because for instance, a SQL Server needs a completely different strategy than a Windows laptop used by a road-warrior. Business critical applications may run on the SQL Server that require constant availability. You may only get one change window each month in which to do your security updates and patches, which may force you to separate your server from the rest of your LAN with a firewall. The laptop, obviously, has an entirely different set of problems.

The point though, is to understand that the popularity of attacks tends to revolve around how your users do business. And thus, as business habits change, so will attack vectors. We don't swap floppy disks anymore so boot sector viruses are a thing of the past. Or are they? Perhaps the popularity of all those USB drives, and SD cards and compact flash cards will present a target too tantalizing for virus writers to pass up. Consider that just last month we saw a proof of concept virus for cell phones. Passing hostile code from Windows CE to Windows XP is not outside the realm of possibility.

A good Windows security strategy is more than just updating your virus scanner; like preventing their biological cousins, it involves minimizing high-risk behavior. So, consider what your users are doing, and try to offer them safer alternatives.


Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years experience in the networking industry, and co-author of several books on networking, most recently, CCSPTM: Secure PIX and Secure VPN Study Guide published by Sybex.


This was first published in August 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.