------------------------------------------------------------------- SearchWin2000's Security Tip -------------------------------------------------------------------- EDITOR'S NOTE: Out of respect for Tuesday's tragedy, we did not send out our regularly scheduled e-mails. Our thoughts remain with all of you and your loved ones. The University of California at Berkeley has created a database where people can inquire about the safety of specific individuals and report someone they know who is safe. http://safe.millennium.berkeley.edu/ ==================================================================== SPONSORED BY: VeriSign - The Internet Trust Company ==================================================================== Secure your servers with 128-bit SSL encryption! Grab your copy of VeriSign's FREE Guide, "Securing Your Web site for Business," and you'll learn everything you need to know about using 128-bit SSL to encrypt your e-commerce transactions, secure your corporate intranets and authenticate your Web sites. 128-bit SSL is serious security for your online business. Get it now at http://www.verisign.com/cgi-bin/go.cgi?a=n094440330003000! ==================================================================== "Granting access to an outsider" By Adesh Rampat There may be times that you want to let some person not employed by your company onto your network. When? Well this tip suggests one circumstance when this may be necessary, and offers some security considerations for you to follow if and when you do it. Got a Windows security tip of your own? Why not send it in? We'll post it on our Web site, and we'll enter you in our tips contest for some neat prizes. Submit your tip at http://searchwin2000.techtarget.com/tipsSubmit/1,289485,sid1,00.html. -------------------------------------------------------------------- There maybe times when a network administrator may need to grant a partner, such as a company to which the organization has outsourced some IT function, access to the organization's network. You might have to do this to allow the partner to perform an application fix to some malfunctioning program, for example. You can grant the partner company access to your organization's network via a Remote Access Service. Then you can join the partner company's workstation to the organization's domain. But when you do that, you have to remember that you have just let an entity onto your network about whom you know very little. And when joining a Windows workstation to a domain, remember that you have created a special trust relationship between the domain and the workstation. Consequently, there are some very important points to keep in mind when granting an outsource or other partner company access to your network: 1. The User Account - Set logon hours to make the account available during normal working hours only. - Don't allow easy dial-up access. Establish any such connection via a callback in the remote-access software to help ensure caller security if you're going to use that method of remote access. VPN access is another story, of course. - Make sure to set an expiration date on the account; you don't want strangers granted indefinite access to your network. - Lock out the account after three failed attempts to log on. - Monitor your audit logs, especially for successful/unsuccessful logon attempts. - Require passwords to be changed more regularly than other user accounts. 2. Access to files/folders Make sure that you restrict access to files for this user account. This account doesn't need access to everything on the servers. It only needs access to those files/folders that bear on the work the account will be doing. Failure to restrict access will widen the security hole that you have by allowing this workstation on your network at all. 3. Finally... Ensure that the partner company's workstation runs the latest anti-virus software. You don't need to get some broken piece of software repaired, or other maintenance function performed, only to introduce some virus into your network. *Do you agree with Mr. Rampat's methods and suggestions for granting access to an outside user? Share your thoughts and ideas at our security forum: http://searchwindowsmanageability.discussions.techtarget.com/WebX?50@@.ee84c8a. -------------------------------------------------------------------- Adesh Rampat has 10 years experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics. ==================================================================== ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ DID YOU LIKE THIS TIP? ==================================================================== We need your feedback! Whether you loved this tip or hated it, why not let us know? Rate it at http://www.searchWin2000.com/tip/1,289483,sid1_gci769081,00.html. Have additional comments? E-mail us at mailto:[EMAIL PROTECTED] to sound off. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ==================================================================== DON'T MISS YOUR CHANCE TO WIN! -------------------------------------------------------------------- September's tip of the month contest is in full swing! Don't miss your chance to win this month's prize -- an iBOT Pro Firewire desktop video camera w/microphone. Read all the winning tips, check out this month's prize and submit a tip of your own today at http://searchwin2000.techtarget.com/tipsHallOfFame/0,289489,sid1_prz751595_cts751583,00.html. ==================================================================== FEATURED BOOK -------------------------------------------------------------------- "Hacking Exposed Windows 2000: Network Security Secrets and Solutions" Authors: Joel Scambray and Stuart McClure Online Price: $49.99 Publisher Name: Osborne Published: Sept. 2001 Optimizing security and plugging the holes inherent in Windows 2000 networks is a daunting task and new vulnerabilities pop up every day. Break-ins, fraud, sabotage and DoS downtime are constant realities in this target-rich environment. "Hacking Exposed Windows 2000: Network Security Secrets and Solutions" will teach you, step-by-step, how to defend against the latest attacks by understanding how intruders enter and pilfer compromised networks. Renowned security experts and best-selling authors Joel Scambray and Stuart McClure provide examples of real-world hacks, from the mundane to the sophisticated, and detailed countermeasures to protect against them. http://www.digitalguru.com/DigitalGuru/product_detail.asp?catalog_name=Books&category_name=&product_id=0072192623&partner_id=73 ==================================================================== ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GET FREE EXCHANGE NEWSLETTER ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SearchWin2000's Exchange tips draw off the knowledge of experienced users, authors and other experts to provide IT professionals with guidance in installing and administering Microsoft's Exchange Server. Get these useful tidbits from the pros to help you get the most out of your Exchange deployment from mastering the basics of messaging to measuring your Exchange server's performance and scalability. To begin receiving these Exchange tips, just click here: http://searchwin2000.techtarget.com/register/1,,sid1,00.html. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ==================================================================== If you would like to sponsor this or any TechTarget newsletter, please contact Mike Kelly at mailto:[EMAIL PROTECTED]. ==================================================================== If you no longer wish to receive this newsletter simply reply to this message with "REMOVE" in the subject line. Or, visit http://searchWin2000.techtarget.com/register and adjust your subscriptions accordingly. If you choose to unsubscribe using our automated processing, you must send the "REMOVE" request from the email account to which this newsletter was delivered. Please allow 24 hours for your "REMOVE" request to be processed.
