Many people leave network security to chance, which intruders will take advantage of. It is always better to adopt a security strategy than to wait for an attack to happen: "prevention is better than cure". The following are some steps you can follow to make your Windows network more secure.
Simple Network
A simple network will always be more secure than a complicated one. As complexity increases, the chances of attack also increase, because it is not easy to implement and maintain security solutions in a complicated network. So I suggest always keeping your network as simple as possible.
Standardized Protocol
Protocols are sets of rules that computers use to communicate with each other. The most common protocol used in a Windows network is TCP/IP. Many intruders take advantage of a protocol to carry out an attack, so it is better to uninstall all protocols except the one you are using.
IDS and Firewalls
I always recommend that you do not replace your IDS with your firewall. An IDS and a firewall are two different things and hence have different tasks. An IDS is a very important component of your network. An IDS helps in detecting an intrusion, whereas a firewall protects your system from possible attacks. Of course, there are some firewalls with a built-in IDS, but these IDS will have limited functionality compared to other firewalls. So it is always recommended to install both an IDS and a firewall in a network.
DMZ (Demilitarized Zone)
The term DMZ, or Demilitarized Zone, comes from the military. A DMZ is an area in which both sides agree there will be no military action. But if one side violates the agreement, then both sides can start firing. It is a buffer zone between the two parties and is designed to protect the populace on both sides of the DMZ.
In networking, the DMZ refers to a security zone that separates all Internet traffic from the internal network. You can create a secure DMZ with three routers. Your firewall must have three network interface cards, one connected to each of the routers.
Below is a diagram recommended by SNAC (Systems and Network Attack Center) for a Microsoft Windows 2000 network.
Remote Access Services
Remote Access Service (RAS) should be used only if it is required. Never run the standard RAS services with Windows if you are not using them, as this can give intruders an advantage for attacks. Attacks over RAS links may be difficult to identify as intruder attacks.
Password Policy
Always stick to a good password policy. This is especially important if you are running a network where sensitive information is kept on the servers, user machines and LAN storage devices.
Access Regulation to the Network
The NTFS file system is the best option when you have to share files over a network, because NTFS possesses security features. You can set access levels and rights for the folders and files on an NTFS volume.
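As an added example (not part of the original article), the following PowerShell script audits the access levels described above: it walks a folder tree and lists every Allow entry that gives Everyone, Authenticated Users or BUILTIN\Users write, delete or permission-changing rights. The path D:\Shares and the choice of which groups count as too broad are assumptions for illustration.

```powershell
# Added example: audit NTFS permissions under a shared folder tree.
# $Path and the choice of "broad" groups are assumptions, not from the article.
param(
    [string]$Path = 'D:\Shares'   # hypothetical share root; pass your own
)

# Well-known SIDs, so the check also works on non-English Windows installs.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that let a principal change, delete or re-permission content.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Generic rights can appear unexpanded on inherit-only entries.
$genericAll   = 0x10000000
$genericWrite = 0x40000000
$mask = $writeBits -bor $genericAll -bor $genericWrite

$sidType = [System.Security.Principal.SecurityIdentifier]
$folders = @(Get-Item -LiteralPath $Path) +
           @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -ErrorAction SilentlyContinue)

$findings = foreach ($folder in $folders) {
    try {
        $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read ACL: $($folder.FullName)"
        continue
    }
    # Ask for identities as SIDs; include explicit and inherited entries.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and
            $broadSids.ContainsKey($sid) -and
            ([int]$rule.FileSystemRights -band $mask) -ne 0) {
            [pscustomobject]@{
                Folder    = $folder.FullName
                Principal = $broadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

$findings | Sort-Object Folder, Principal | Format-Table -AutoSize
```

Rows with Inherited set to False mark the folders where the broad grant was set directly, which is where a correction should be made.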
What I have discussed throughout are some ways by which you can decrease the security threat. Securing a network is a continuous process of updating with the latest patches and implementing updated measures to defend against threats.