This document provides a comprehensive overview of Windows NT
security considerations. As the number of companies and
organizations using Windows NT continues to grow, more issues
concerning security considerations have developed. The personnel at
Innovative Business Technology (IBT) have nearly a century of
combined computer security experience. These are some of the issues
we consider when assessing the security requirements of a client's
One of the first issues to be considered in setting up a Windows
NT security system is to define the general purpose of the network.
A good way to accomplish this is by answering the universal
questions of who, what, where, when and how. First, decide who
is going to have access to the network. A point to consider here is
whether the network will be available only to internal personnel or
whether it will have external users as well.
The next issue to consider should encompass what services
the network users will be able to access. For example, will they be
able to access the file servers, the print servers, the FAX servers,
the RAS (remote access servers), the mail servers, the news servers,
the Web servers, and/or have FTP (file transfer protocol) access?
Guidelines should then be established concerning where the
users will be able to gain access to the network. For instance, can
they utilize the network services only from their offices, or can
they also access them from their homes or from the road when they
Next, decide when the services will be available. For
example, will they be available 24 hours per day or only during
normal business hours? Finally, decide how these services
will be provided to the users. Are you going to have your own mail,
web, and news servers, or will your ISP (Internet service provider)
provide these services for you?
At this point, the physical security of the network hardware and
the servers should be the next consideration. This involves the
location of the network hardware, especially the placement of the
servers. The physical security of a network should involve not only
a safe environment to keep the hardware at a minimal risk, but it
should also involve choosing an area or location that provides
limited access to the network servers. (A public foyer or lobby
would not be a wise choice.) The ideal environment should have an
adequate power source with an Uninterruptible Power System.
It should also include a adequate cooling system, along with phone
and network lines for connectivity.
Operating System Software
After establishing a satisfactory physical environment for the
network hardware, decisions concerning the security procedures for
the network's operating system should be made. First of all, the
operating system should be installed correctly and updated
frequently as Service Paks and Hotfixes become available. A system
administrator needs to be assigned. At least one alternate
administrator also needs to be designated. An anti-virus program
needs to be installed and updated frequently.
When plans for the operating system have been finalized, the
workstation applications need to be installed. These applications
should reflect the needs of the users. One of the first priorities
should be to ascertain that the installed applications do not
adversely affect Windows NT security. The administrator needs to
make sure that all the installed applications function properly with
the other applications installed on the machines. The workstation
configurations should be standardized to make administration as
trouble free as possible. Again, an anti-virus program needs to be
installed and updated frequently.
After plans for the applications and configurations for the
workstations have been completed the next step should be to define
how and where the users should store their data. Storage on the
server usually provides better security since only those who have
access privileges to the server can access the stored data.
Sensitive data stored on local machines should never be shared
because it can allow unauthorized access.
Backup and Recovery
The next step should be the establishment of backup and recovery
procedures. Backups need to be performed on a regular basis. They
need to include the operating system, all programs and data files,
and the system registry information. They should be verified each
time they are completed. Backups should be stored offsite. Backup
Operator(s) utilizing multiple media sets should be responsible for
performing the backups. They need to be responsible for transporting
the backup media to an offsite storage location and for testing the
backup and recovery procedures.
The final step concerns auditing practices. Windows NT can record
access to the system by users, access to files, and changes made to
the software and to the registry. By reviewing the security logs
provided by the system, the administrator can see how the various
resources are being assessed. Only information that is required and
useful to the site should be logged. Logging all possible
information can substantially impact the system's performance.
We have provided a comprehensive overview concerning Windows NT
security. A detailed security plan needs to be incorporated at each
site based on the above information. A thorough plan for
establishing a secure network can help solve and prevent potential
problems. The personnel at IBT can assist you with a customized plan
to meet your security needs.
Innovative Business Technology (IBT) offers a broad range of
expertise encompassing the full spectrum of integrated computer and
network services including; Alpha, LINUX, Open VMS, UNIX, Windows,
and Y2K solutions. With nearly a century of combined experienced and
expertise among us, we believe that each customer is unique and
therefore deserves a solution that addresses their specific
requirements. We have built our reputation on listening to our
customers to develop a thorough understanding of their needs and
offering the best in customized design solutions when a "shrink
wrap" package is not appropriate. We would like to earn your
business by solving or preventing your problems whether they involve
Windows NT security or some other aspect of your computer and
networking needs. Let the specialists at IBT become your technology
partners and help you develop innovative solutions and preventions
for your business problems.