Install All Windows Security Patches
This task belongs at the top of the list, and for good reason. Without exception, every version of Windows ever released includes bugs and defects that open the door for intruders. Over time, as these security problems are identified, Microsoft's developers release patches and updates (sometimes referred to as hotfixes) that repair the problems. At regular intervals, Microsoft releases service packs, which incorporate all bug fixes and security updates to that point. You can use any or all of the following options to determine which fixes are necessary for your computer:
In Windows XP, configure the Automatic Updates feature to check for critical updates at regular intervals. You can choose to receive notifications only, download the updates automatically, or (if you have Service Pack 1 installed) have Windows update your system files automatically. To configure this feature, open the System option in Control Panel (under Performance And Maintenance if you're using Category view) and click the Automatic Updates tab.
Connect to the Windows Update online service manually to download and install all service packs and critical updates that are appropriate for your version of Windows. Point your browser to http://windowsupdate.microsoft.com, or use the shortcut at the top of the Start menu, on the Tools menu in Microsoft Internet Explorer, or in the Help And Support Center in Windows XP. Windows Update scans your system using an ActiveX control and presents a list of suggested updates for point-and-click download and installation. Windows Update works with Windows 2000 and Windows XP as well as Windows 95/98/Me.
Use the Microsoft Network Security Hotfix Checker (Hfnetchk.exe) to perform an inspection of your local computer or multiple computers on your network to identify missing hotfixes and service packs. This command-line utility uses an XML database to scan your operating system files. As the output in Figure 2-7 shows, it identifies all currently installed service packs and patches, and recommends updates that might be appropriate for your computer but that are not currently installed. This utility is especially adept at identifying patches for SQL Server and other commonly used system components not covered by Windows Update.
Figure 2-7. The Network Security Hotfix Checker recommends security patches that are appropriate for your current system setup.
Browse the list of security updates at Microsoft's Hotfix & Security Bulletin Service (http://www.microsoft.com/technet/security/current.asp), and download any patches that are appropriate for your computer or network. You can search the list by product and service pack number, or you can view the entire list in reverse chronological order, beginning with the most recent security bulletins.
Use the Microsoft Baseline Security Analyzer (MBSA) to analyze your local computer or your entire network for missing hotfixes. MBSA, which works with Windows NT 4.0, Windows 2000, and Windows XP, uses the HFNetChk technology and comes with both a graphical user interface and a command-line version. In addition to scanning for missing hotfixes, MBSA scans and reports on other system vulnerabilities in Windows, IIS, and SQL Server, including blank user account passwords, the file system type used, all available shares with their configured permissions, and more.
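The kind of comparison that Hfnetchk.exe and MBSA are described as performing (an XML database checked against what is installed) can be sketched as follows. This is an added example, not code from the book or from Microsoft: the XML schema, patch IDs, file names, and version numbers are constructed for illustration and are not the real database format.

```python
import xml.etree.ElementTree as ET

# Constructed catalog in a hypothetical, simplified schema (not the real
# database format used by Hfnetchk.exe or MBSA).
CATALOG_XML = """
<catalog>
  <product name="Windows XP" minServicePack="1">
    <patch id="PATCH-0001" file="example1.dll" fixedVersion="5.1.2600.1106"/>
    <patch id="PATCH-0002" file="example2.sys" fixedVersion="5.1.2600.1151"/>
  </product>
  <product name="SQL Server 2000" minServicePack="2">
    <patch id="PATCH-0003" file="example3.dll" fixedVersion="8.0.0.679"/>
  </product>
</catalog>
"""

def parse_version(text):
    """Turn '5.1.2600.1106' into (5, 1, 2600, 1106) so parts compare as numbers."""
    return tuple(int(part) for part in text.split("."))

def find_missing(catalog_xml, inventory):
    """Return sorted (product, missing item) pairs for products in the inventory.
    inventory maps product name -> {"service_pack": int, "files": {name: version}}."""
    findings = []
    for product in ET.fromstring(catalog_xml).findall("product"):
        host = inventory.get(product.get("name"))
        if host is None:  # product not installed, so its patches do not apply
            continue
        need_sp = int(product.get("minServicePack"))
        if host["service_pack"] < need_sp:
            findings.append((product.get("name"), f"service pack {need_sp}"))
        for patch in product.findall("patch"):
            have = host["files"].get(patch.get("file"))
            # An absent file is flagged too: the fix cannot be confirmed.
            if have is None or parse_version(have) < parse_version(patch.get("fixedVersion")):
                findings.append((product.get("name"), patch.get("id")))
    return sorted(findings)

# Constructed inventory for one host.
INVENTORY = {
    "Windows XP": {"service_pack": 1, "files": {
        "example1.dll": "5.1.2600.1106", "example2.sys": "5.1.2600.0"}},
    "SQL Server 2000": {"service_pack": 1, "files": {"example3.dll": "8.0.0.1000"}},
}

if __name__ == "__main__":
    for product, item in find_missing(CATALOG_XML, INVENTORY):
        print(f"{product}: missing {item}")
```

Versions are compared as tuples of integers because a plain string comparison would rank 8.0.0.1000 below 8.0.0.679 and report a patch as missing when it is already installed.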
Inside Out: Insist on timely updates
Windows Update is a terrific and useful service, but for extremely security-conscious Windows users it might fall short. Windows Update includes patches for the Windows operating system and related components (including Internet Explorer and IIS); it does not offer updates for non-Windows products like SQL Server. In addition, you'll often find a delay of days or weeks between the time a security bulletin is published and when it is available on Windows Update. If you prefer to receive notification of security updates for all Microsoft products as soon as they're released, subscribe to Microsoft's Security Notification Service. To join the list, send a blank e-mail to securbas@microsoft.com.
For more details about Windows Update, service packs, and hotfixes, see Chapter 7, "Keeping Your System Secure."