Nine easy things you can do to improve the security of your Enterprise
1. Use the golden rule: Unless Allowed, Deny.
Set up all your routers and firewalls to initially block everything. Yes, that's right, block everything. This will of course grind everything to a halt, but now you will know what's going on inside your network. From there, you can gather the information you need to prove what it is that you need your routers and firewalls to allow through. The idea here is to only allow through things you approve in advance. Everything else is denied.
For instance, does everyone need to be able to connect out to the internet on port 25? Or should the users be connecting to your mail server instead? Equally, do all of your users need to connect to the mail server on port 137? You get the point.
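The following is an added example, not code from the original article: a small model of the "unless allowed, deny" rule. An allowlist holds only the exceptions you can justify (each with a recorded reason), a lookup returns deny whenever nothing matches, and a renderer prints the equivalent iptables commands with a DROP policy. The subnets, the mail relay address and the three allow entries are constructed for illustration; the same approach applies to the host firewalls discussed later in the article.

```python
"""Added example: a tiny 'unless allowed, deny' policy evaluator.

This is not the article's own code. It models the rule the text describes:
start from deny-everything, then add explicit allow entries you can justify.
The hosts, subnets and services below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Allow:
    """One justified exception to the default deny."""
    src: str          # source network allowed to initiate, e.g. "10.0.0.0/24"
    dst: str          # destination network, e.g. "10.0.1.25/32"
    proto: str        # "tcp" or "udp"
    port: int         # destination port
    reason: str       # who approved it and why; a rule without a reason should not exist


# Constructed allowlist for a small office: workstations submit mail to the
# internal relay, only the relay speaks SMTP to the internet, and nobody needs
# NetBIOS (port 137) to reach the mail server, so there is simply no entry for it.
ALLOWLIST = [
    Allow("10.0.0.0/24", "10.0.1.25/32", "tcp", 25,  "workstations submit mail to the internal relay"),
    Allow("10.0.1.25/32", "0.0.0.0/0",   "tcp", 25,  "only the relay sends SMTP to the internet"),
    Allow("10.0.0.0/24", "0.0.0.0/0",    "tcp", 443, "approved HTTPS browsing from workstations"),
]


def decide(allowlist, src_ip, dst_ip, proto, port):
    """Return ('allow', rule) for the first matching entry, else ('deny', None).

    Absence of a match is the decision: nothing on the list means denied.
    """
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for rule in allowlist:
        if (rule.proto == proto and rule.port == port
                and s in ip_network(rule.src) and d in ip_network(rule.dst)):
            return "allow", rule
    return "deny", None


def to_iptables(allowlist, chain="FORWARD"):
    """Render the allowlist as iptables commands with a default-deny policy.

    Output is text only; nothing here touches a live firewall.
    """
    lines = [f"iptables -P {chain} DROP",
             f"iptables -A {chain} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for r in allowlist:
        lines.append(f"iptables -A {chain} -p {r.proto} -s {r.src} -d {r.dst} "
                     f"--dport {r.port} -m comment --comment '{r.reason}' -j ACCEPT")
    return lines


if __name__ == "__main__":
    for args in [("10.0.0.7", "203.0.113.9", "tcp", 25),   # workstation sending SMTP directly
                 ("10.0.1.25", "203.0.113.9", "tcp", 25),  # relay sending SMTP
                 ("10.0.0.7", "10.0.1.25", "tcp", 137)]:   # NetBIOS to the mail server
        verdict, rule = decide(ALLOWLIST, *args)
        print(args, "->", verdict, "" if rule is None else f"({rule.reason})")
    print("\n".join(to_iptables(ALLOWLIST)))
```

Run it and the workstation-to-internet SMTP attempt and the NetBIOS connection both come back as deny without any rule having been written for them; that is the point of the golden rule. The `reason` field is deliberately mandatory so that every exception carries its own proof of need.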
2. Patch your systems!
This one cannot, in my opinion, be repeated enough. Patch your systems! The days of leisurely waiting to see whether not patching a system will cause a problem are gone. The bad guys are finding the bugs faster than the vendors, and when a vulnerability is announced, all bets are off. Don't wait. Patch your systems.
3. Pick strong passwords or use a two-factor system like SecurID
Yeah, this one sounds so simple, and yet bad passwords are still the rule rather than the exception, but hey, I'm sympathetic. It's hard for some people to remember a really strong password, which is why I recommend two-factor authentication systems such as SecurID. That way you don't have to remember the "strong" password anymore; it will be generated for you, when you need it, by the two-factor token.
One of our residents, the Fire Monkey, has a good article about how to pick a strong password that you can remember. Keep in mind, one of the problems with "strong" passwords is that if they are too strong, your users will have to write them down to remember them!
4. Remove all unused and default accounts
Seriously, remove all the accounts on your systems you can't PROVE you need to have. If you're not sure, disable the account and see if it breaks anything or if anyone complains. If you hear nothing, then remove it.
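As an added example (not the article's own code), here is the "prove you need it" test for accounts written as a script. It reads /etc/passwd-style records together with a map of days since each account's last login (the kind of data `lastlog` or `last` gives you) and reports every interactive account that has never logged in, has gone stale, or carries a well-known default name, so it can be disabled first and removed after a quiet period. The passwd excerpt, login ages and the default-name list are all constructed for the example.

```python
"""Added example: flag accounts you cannot prove you need.

Not the article's code. It reads /etc/passwd-style records plus a map of
'days since last login' (as you would get from lastlog or last), and reports
accounts that look unused so they can be disabled first and removed later,
as the text recommends. All records and login data below are constructed.
"""

INTERACTIVE_SHELLS = {"/bin/bash", "/bin/sh", "/bin/zsh", "/bin/ksh"}
STALE_AFTER_DAYS = 90

# Constructed /etc/passwd excerpt (name:pw:uid:gid:gecos:home:shell).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
guest:x:1001:1001:Guest account:/home/guest:/bin/bash
alice:x:1002:1002:Alice:/home/alice:/bin/bash
bob:x:1003:1003:Bob (left 2004):/home/bob:/bin/bash
oracle:x:1004:1004:Oracle install:/home/oracle:/bin/sh
"""

# Constructed last-login data in days ago; None means no login ever recorded.
LAST_LOGIN_DAYS = {"root": 2, "alice": 1, "bob": 400, "guest": None, "oracle": None}

# Names that vendors and installers commonly leave behind (constructed list).
# Membership here only means a justification should exist, not that the
# account is a problem.
WELL_KNOWN_DEFAULTS = {"guest", "test", "oracle", "admin", "user"}


def parse_passwd(text):
    """Parse passwd lines into dicts with the fields the audit needs."""
    users = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, uid, gid, gecos, home, shell = line.split(":")
        users.append({"name": name, "uid": int(uid), "shell": shell, "gecos": gecos})
    return users


def audit_accounts(passwd_text, last_login_days, stale_after=STALE_AFTER_DAYS):
    """Return {name: [reasons]} for every interactive account that needs a decision."""
    findings = {}
    for u in parse_passwd(passwd_text):
        if u["shell"] not in INTERACTIVE_SHELLS:
            continue                       # nologin system accounts are already inert
        if u["name"] == "root":
            continue                       # always needed; reviewed separately
        reasons = []
        days = last_login_days.get(u["name"])
        if days is None:
            reasons.append("never logged in")
        elif days > stale_after:
            reasons.append(f"last login {days} days ago")
        if u["name"] in WELL_KNOWN_DEFAULTS:
            reasons.append("well-known default account name")
        if reasons:
            findings[u["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in sorted(audit_accounts(PASSWD, LAST_LOGIN_DAYS).items()):
        print(f"{name}: {'; '.join(reasons)} -> disable now, remove if nobody complains")
```

On the constructed data this reports `bob`, `guest` and `oracle` and stays quiet about `alice`, `root` and the nologin `daemon` account. The script only reports; the disable-then-remove step stays a human decision, exactly as the text describes it.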
5. Turn off all the services you can not PROVE that you need
Modern OSes come with lots of nifty services and software; unfortunately, they also come with many of these services turned on. Turn off everything you can't PROVE that you need. If you're in doubt, or you don't know what a service does, turn it off to see if it breaks anything. Don't forget to make a note of it so you can remember to turn it back on later if it does break something!
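The same test applied to running services, as an added example that is not part of the original article: it parses `ss -lntup`-style output (the sample is constructed, not captured from a real host) and reports every listening socket that has no entry in an approved-services list, plus any approved service that was meant to be loopback-only but is bound to all interfaces. The approved list and its justifications are assumptions for the example.

```python
"""Added example: compare what is actually listening against what you can justify.

Not the article's code. It parses `ss -lntup`-style output (the sample below is
constructed, not captured from a real host) and reports every listener that has
no entry in an approved-services list, which is the 'turn it off unless you can
PROVE you need it' test from the text expressed as a script.
"""
import re

# Constructed sample in the column layout of `ss -lntup`.
SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      128    127.0.0.1:25        0.0.0.0:*         users:(("master",pid=901,fd=13))
tcp   LISTEN 0      511    0.0.0.0:80          0.0.0.0:*         users:(("nginx",pid=1204,fd=6))
tcp   LISTEN 0      5      0.0.0.0:631         0.0.0.0:*         users:(("cupsd",pid=655,fd=7))
udp   UNCONN 0      0      0.0.0.0:111         0.0.0.0:*         users:(("rpcbind",pid=540,fd=5))
"""

# Approved services: (proto, port) -> (justification, allowed bind scope).
# Anything missing from this dict is a finding. Values are constructed.
APPROVED = {
    ("tcp", 22): ("remote administration", "any"),
    ("tcp", 80): ("public web server", "any"),
    ("tcp", 25): ("mail submission from this host only", "loopback"),
}

PROC_RE = re.compile(r'users:\(\("([^"]+)"')


def parse_ss(text):
    """Yield one dict per socket line of ss output (header row skipped)."""
    for line in text.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 6:
            continue
        proto, local = cols[0], cols[4]
        addr, _, port = local.rpartition(":")
        m = PROC_RE.search(line)
        yield {"proto": proto, "addr": addr, "port": int(port),
               "process": m.group(1) if m else "?"}


def is_loopback(addr):
    return addr.startswith("127.") or addr in ("::1", "[::1]")


def audit_listeners(text, approved):
    """Return a list of (process, proto, port, problem) for sockets needing action."""
    findings = []
    for s in parse_ss(text):
        key = (s["proto"], s["port"])
        if key not in approved:
            findings.append((s["process"], s["proto"], s["port"],
                             "not on the approved list: turn it off and watch for breakage"))
            continue
        _reason, scope = approved[key]
        if scope == "loopback" and not is_loopback(s["addr"]):
            findings.append((s["process"], s["proto"], s["port"],
                             "approved for loopback only but bound to all interfaces"))
    return findings


if __name__ == "__main__":
    for process, proto, port, problem in audit_listeners(SS_OUTPUT, APPROVED):
        print(f"{process} ({proto}/{port}): {problem}")
```

On the sample, the print spooler on tcp/631 and rpcbind on udp/111 are reported because nobody wrote down a reason for them; the Postfix master process on 127.0.0.1:25 passes because it matches its loopback-only approval. Keeping the approved list in version control gives you the note the text tells you to make before turning something off.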
6. Install "personal" firewalls on all your desktops and servers, and only allow in services you can PROVE you need to allow in
The days of relying on network-level security as your primary layer of defense are fading fast. With wireless networks, laptops, and VPNs, desktops and networks are being exposed to new threats outside the protective enclave of the corporate network. To make matters worse, laptop users are bringing worms and viruses into the network. The solution is to start treating the internal network as an untrusted network, and to start firewalling the servers and desktops attached to it.
7. On Windows computers, install anti-virus and anti-spyware
Everyone seems to understand the need for anti-virus software, but spyware has actually become a bigger problem for many companies than viruses.
8. Ditch IE, use a browser that is not so closely integrated with your OS, such as Mozilla, Firefox, Opera and others.
This is not meant to be a bash against Microsoft. IE is a fine browser, which is part of the problem: it's too tightly integrated into the operating system. Try as you might, this fatal feature is the cause of more spyware infections than any other vector. Using a browser that doesn't give an attacker such full control over a Windows computer is the right answer.
9. Configure your e-mail client to not display images, ActiveX or JavaScript
Spammers use these tactics to figure out whether your e-mail address is valid, and a new worm or virus can use the same methods to break into your computer.
