CAMPUS NETWORK UPDATE - University of Washington
University of Washington
Computing & Communications
My 7-Point Plan for Windows Security
Terry Gray
Director, Networks & Distributed Computing
UW Computing & Communications
September 2002
Objective
• Make Windows computers "Network Safe", right out of the box.
• Make it easy for users to adjust their security policy in accordance with principle of least privilege (or minimum necessary access from the network).
• An "Open Letter" to Microsoft...
My 7-Point Plan for Windows Security
• Require the administrator account to have a password!
• By default, deny incoming connections to all but a minimum number of necessary service ports via integral firewalling.
• When an application requires listening on a port, give users the option of opening the port just for the session, or for a fixed time interval, or "forever"… but remind later about ports left open.
• Make it easy for users to establish their own local perimeter defense via IP access lists. (Important if they need to run insecure protocols within their workgroup.)
• Enhance existing "IP Security" capabilities to allow blocking only "initial connection" (SYN) packets.
• By default, have connections use IPSEC whenever available.
• Be wary of the UPNP NAT/firewall traversal stuff -- a major security headache waiting to happen.
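
The default-deny, IP access list and SYN-only points above can be read as one stateless inbound rule: drop only TCP packets with SYN set and ACK clear, unless the destination port is open or the source is on the access list. The Python below is an added example, not part of the slides; the networks, port numbers and function names are constructed, it assumes unfragmented IPv4, and treating an open port as reachable from any source is one possible reading of the plan.

```python
import ipaddress
import struct

# Hypothetical policy values, constructed for illustration (not from the slides).
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # workgroup IP access list
OPEN_PORTS = {443}                                     # ports deliberately opened
SYN, ACK = 0x02, 0x10                                  # TCP flag bits

def inbound_verdict(packet: bytes) -> str:
    """Classify one inbound, unfragmented IPv4 packet as 'allow' or 'drop'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop"                        # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4             # IP header length in bytes
    if ihl < 20:
        return "drop"                        # malformed header length
    if packet[9] != 6:
        return "allow"                       # this rule only judges TCP
    if len(packet) < ihl + 14:
        return "drop"                        # TCP flags byte is missing
    src = ipaddress.ip_address(bytes(packet[12:16]))
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    flags = packet[ihl + 13]
    # "Initial connection" packet: SYN set, ACK clear.
    initial = bool(flags & SYN) and not (flags & ACK)
    if not initial:
        return "allow"                       # replies and established traffic
    if dport in OPEN_PORTS or any(src in net for net in TRUSTED_NETS):
        return "allow"                       # opened port or workgroup source
    return "drop"                            # unsolicited inbound connection

def make_packet(src: str, dport: int, flags: int) -> bytes:
    """Build a constructed 40-byte IPv4+TCP header pair (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address("198.51.100.10").packed)
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 0x50, flags, 8192, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    for src, port, fl in [("203.0.113.5", 445, SYN),
                          ("203.0.113.5", 445, SYN | ACK),
                          ("192.0.2.7", 445, SYN),
                          ("203.0.113.5", 443, SYN)]:
        print(src, port, hex(fl), inbound_verdict(make_packet(src, port, fl)))
```

Because only the SYN-without-ACK packet is dropped, replies to connections the host itself initiated pass without any connection tracking.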