Information Security

Posted Nov 27, 2009 | By: Eric Schultze

Pre-Christmas desktop security improvement plan

We're publishing this story on November 27th, and from this date there are exactly 20 working days left before Christmas.

Don't waste those days: work your way through our list of 20 security jobs before Christmas and you'll come back to work at a more secure organisation!

Week 1

  • Monday
    Evaluate the "password last changed date" for all the user accounts on your domain controllers. Pay particular attention to administrative accounts because they are not subject to the standard password-change policy.
    Suggested tool: Dumpsec
  • Tuesday
    Check the password strength of user accounts. Run a dictionary attack against the password hashes, and identify those that are easy to crack. Force password changes as necessary.
    Suggested tool: Cain & Abel
  • Wednesday
    Make sure your antivirus definitions are up to date.
    More information: Bash Bosh Blog
  • Thursday
    Review corporate firewall logs, and look for any unusual activity. Also, consider reviewing firewall logs for key laptop systems.
    More information: "How to review a firewall log in 15 minutes or less"
  • Friday
    Review security logs on your domain controllers. Look for successful connections from accounts that shouldn't be in use and for failed connections that could indicate an attempt to guess a password.
    More information: List of Windows security log events
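
Friday's security-log review can be scripted once the logon events are exported. The following is an added example, not part of the original article: it assumes a CSV export with hypothetical columns time, event_id, account and source, and a list of accounts you already know should not be in use.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Logon event IDs: 4624/4625 on Windows Vista/Server 2008 and later,
# 528/540/529 on Windows XP/Server 2003.
SUCCESS_IDS = {"4624", "528", "540"}
FAILURE_IDS = {"4625", "529"}

# Constructed sample export (not real log data).
SAMPLE_CSV = """time,event_id,account,source
2009-11-27 02:10:01,4625,jsmith,10.0.5.23
2009-11-27 02:10:04,4625,jsmith,10.0.5.23
2009-11-27 02:10:09,4625,jsmith,10.0.5.23
2009-11-27 02:10:15,4625,jsmith,10.0.5.23
2009-11-27 02:10:21,4625,jsmith,10.0.5.23
2009-11-27 02:11:02,4624,jsmith,10.0.5.23
2009-11-27 08:59:40,4625,akhan,10.0.2.14
2009-11-27 09:00:05,4624,akhan,10.0.2.14
2009-11-27 03:30:00,4624,svc_oldbackup,10.0.9.77
"""

def review_logons(csv_text, dormant_accounts, threshold=5, window_minutes=10):
    """Return (guessing, dormant_use) findings from exported logon events."""
    window = timedelta(minutes=window_minutes)
    failures = defaultdict(list)   # (account, source) -> recent failure times
    guessing, dormant_use = set(), []
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["time"])
    for row in rows:
        when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        account = row["account"].lower()
        key = (account, row["source"])
        if row["event_id"] in FAILURE_IDS:
            # Keep only the failures still inside the sliding window.
            recent = [t for t in failures[key] if when - t <= window] + [when]
            failures[key] = recent
            if len(recent) >= threshold:
                guessing.add(key)   # repeated failures: possible password guessing
        elif row["event_id"] in SUCCESS_IDS and account in dormant_accounts:
            # Successful logon from an account that shouldn't be in use.
            dormant_use.append((account, row["source"], row["time"]))
    return sorted(guessing), dormant_use
```

The threshold and window are starting points; tune them against your own lockout policy so that a user who mistypes once or twice, like akhan in the sample, is not flagged.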

Week 2

  • Monday
    Implement stronger password-creation rules on your domain controllers.
    Suggested tool: Passpol
  • Tuesday
    Scan the internal network, and look for any unauthorized Web servers. Scan for TCP Ports 80 and 443. Shut down any Web servers that aren't approved.
    Suggested tool: Superscan
  • Wednesday
    Read the new Microsoft security bulletins and prioritize for deployment.
    More information: "Structuring patch management in seven steps"
  • Thursday
    Start deploying patches to your systems.
    Available tools: PatchManagement.org list of vendors
  • Friday
    Review malware logs. If using Windows Defender, check the System Event Log for "windefend" items.
    More information: Windows Defender technical overview

Week 3

  • Monday
    Evaluate last login dates for user accounts. Identify accounts that are still active but haven't logged in for six months or more. Disable these accounts where appropriate. (Make sure to scan all domain controllers to get accurate last login data.)
    Suggested tool: Dumpsec
  • Tuesday
    Check the patch status of your third-party applications, such as Sun Java, Mozilla Firefox, Adobe Reader and Apple iTunes.
    Available tools: PatchManagement.org list of vendors
  • Wednesday
    Look for dual-homed machines on the network that may be connected to two networks at the same time, bypassing the corporate firewalls or routers. Look for machines with multiple network interface cards (with different Media Access Control addresses or protocols).
    Suggested tool: Getmac (part of the operating system)
  • Thursday
    Examine your systems for any evidence of "autoadminlogon" data. Check to see if the user's password is listed in the registry in plain text. Disable autoadminlogon unless explicitly needed for your business.
    More information: "How to turn on automatic logon in Windows XP"
  • Friday
    Review the local administrator group on each workstation, server and domain controller. Identify any user accounts that shouldn't be included in this group. Make sure to look at membership of global groups that may be referenced in the local group.
    Suggested tool: Dumpsec
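
Monday's note about scanning every domain controller matters because each DC keeps its own last-logon value for an account, so a single DC can make an active user look idle. The following is an added example, not part of the original article: it merges per-DC exports before applying the six-month test, and the export format (account, last_logon, enabled) and all account names are constructed for illustration.

```python
import csv
import io
from datetime import date, timedelta

# Constructed per-DC exports (hypothetical format): account,last_logon,enabled.
# An empty last_logon means that DC has never authenticated the account.
DC_EXPORTS = {
    "DC1": """account,last_logon,enabled
alice,2009-11-20,yes
bob,2009-03-02,yes
carol,,yes
dave,2008-12-15,no
""",
    "DC2": """account,last_logon,enabled
alice,2009-06-01,yes
bob,2009-10-30,yes
carol,2009-01-11,yes
dave,2009-02-01,no
erin,,yes
""",
}

def merge_last_logons(exports):
    """Keep the most recent logon per account across every DC's export."""
    merged = {}  # account -> [latest logon date or None, enabled]
    for text in exports.values():
        for row in csv.DictReader(io.StringIO(text)):
            name = row["account"].lower()
            seen = date.fromisoformat(row["last_logon"]) if row["last_logon"] else None
            entry = merged.setdefault(name, [None, row["enabled"] == "yes"])
            if seen and (entry[0] is None or seen > entry[0]):
                entry[0] = seen
    return merged

def stale_accounts(exports, today, max_idle_days=183):
    """Enabled accounts with no logon on any DC in roughly six months."""
    cutoff = today - timedelta(days=max_idle_days)
    return sorted(
        name for name, (last, enabled) in merge_last_logons(exports).items()
        if enabled and (last is None or last < cutoff)
    )
```

In the sample, bob looks stale on DC1 alone but logged on through DC2 a month ago. Accounts that have never logged on (erin) are also listed, so check their creation dates before disabling them.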

Week 4

  • Monday
    Scan the network to check on the status of the Microsoft and third-party patch deployments.
    Available tools: PatchManagement.org list of vendors
  • Tuesday
    Scan the network, and locate unapproved instances of Microsoft SQL Server. Look for the presence of TCP Port 1433. Shut down any unapproved SQL servers.
    Suggested tool: Superscan
  • Wednesday
    Review your domain controller group policy settings for the Windows Firewall. Ensure that all the firewall settings for each location are properly set.
    More information: "Deploying Windows firewall settings with Group Policy"
  • Thursday
    Run the Microsoft Malicious Software Removal Tool on your desktop systems.
    Download (32 bit) | Download (64 bit)
  • Friday
    Review your corporate security policies, and make sure they reflect your current needs.
    More information: SANS Security Policy Project

Rinse and repeat the next month, and you'll have a more secure environment in no time!



Copyright © 2010 Westwick-Farrow Pty Ltd. All rights reserved.