Receive the IBT Newsletter

This document provides a comprehensive overview of Windows NT security considerations. As the number of companies and organizations using Windows NT continues to grow, more issues concerning security considerations have developed. The personnel at Innovative Business Technology (IBT) have nearly a century of combined computer security experience. These are some of the issues we consider when assessing the security requirements of a client's network.

One of the first issues to be considered in setting up a Windows NT security system is to define the general purpose of the network. A good way to accomplish this is by answering the universal questions of who, what, where, when and how. First, decide who is going to have access to the network. A point to consider here is whether the network will be available only to internal personnel or whether it will have external users as well.

The next issue to consider should encompass what services the network users will be able to access. For example, will they be able to access the file servers, the print servers, the FAX servers, the RAS (remote access servers), the mail servers, the news servers, the Web servers, and/or have FTP (file transfer protocol) access?

Guidelines should then be established concerning where the users will be able to gain access to the network. For instance, can they utilize the network services only from their offices, or can they also access them from their homes or from the road when they are traveling?

Next, decide when the services will be available. For example, will they be available 24 hours per day or only during normal business hours? Finally, decide how these services will be provided to the users. Are you going to have your own mail, web, and news servers, or will your ISP (Internet service provider) provide these services for you?

At this point, the physical security of the network hardware and the servers should be the next consideration. This involves the location of the network hardware, especially the placement of the servers. The physical security of a network should involve not only a safe environment to keep the hardware at a minimal risk, but it should also involve choosing an area or location that provides limited access to the network servers. (A public foyer or lobby would not be a wise choice.) The ideal environment should have an adequate power source with an Uninterruptible Power System. It should also include a adequate cooling system, along with phone and network lines for connectivity.

After establishing a satisfactory physical environment for the network hardware, decisions concerning the security procedures for the network's operating system should be made. First of all, the operating system should be installed correctly and updated frequently as Service Paks and Hotfixes become available. A system administrator needs to be assigned. At least one alternate administrator also needs to be designated. An anti-virus program needs to be installed and updated frequently.

When plans for the operating system have been finalized, the workstation applications need to be installed. These applications should reflect the needs of the users. One of the first priorities should be to ascertain that the installed applications do not adversely affect Windows NT security. The administrator needs to make sure that all the installed applications function properly with the other applications installed on the machines. The workstation configurations should be standardized to make administration as trouble free as possible. Again, an anti-virus program needs to be installed and updated frequently.

After plans for the applications and configurations for the workstations have been completed the next step should be to define how and where the users should store their data. Storage on the server usually provides better security since only those who have access privileges to the server can access the stored data. Sensitive data stored on local machines should never be shared because it can allow unauthorized access.

The next step should be the establishment of backup and recovery procedures. Backups need to be performed on a regular basis. They need to include the operating system, all programs and data files, and the system registry information. They should be verified each time they are completed. Backups should be stored offsite. Backup Operator(s) utilizing multiple media sets should be responsible for performing the backups. They need to be responsible for transporting the backup media to an offsite storage location and for testing the backup and recovery procedures.

The final step concerns auditing practices. Windows NT can record access to the system by users, access to files, and changes made to the software and to the registry. By reviewing the security logs provided by the system, the administrator can see how the various resources are being assessed. Only information that is required and useful to the site should be logged. Logging all possible information can substantially impact the system's performance.

We have provided a comprehensive overview concerning Windows NT security. A detailed security plan needs to be incorporated at each site based on the above information. A thorough plan for establishing a secure network can help solve and prevent potential problems. The personnel at IBT can assist you with a customized plan to meet your security needs.

Innovative Business Technology (IBT) offers a broad range of expertise encompassing the full spectrum of integrated computer and network services including; Alpha, LINUX, Open VMS, UNIX, Windows, and Y2K solutions. With nearly a century of combined experienced and expertise among us, we believe that each customer is unique and therefore deserves a solution that addresses their specific requirements. We have built our reputation on listening to our customers to develop a thorough understanding of their needs and offering the best in customized design solutions when a "shrink wrap" package is not appropriate. We would like to earn your business by solving or preventing your problems whether they involve Windows NT security or some other aspect of your computer and networking needs. Let the specialists at IBT become your technology partners and help you develop innovative solutions and preventions for your business problems.