Ten Best WINDOWS Security Solutions

Although network security has always been very important, it is highly risky. Network security should be an important priority for every organization. The following ten simple tricks can help you save your money.

1: Minimize attack surface

One of the first steps to reinforce the system is to reduce the attack surface: the more code running on the machine, the more chance the code will be used. Therefore, you must Uninstall all unnecessary operating system components and applications.

2: Use only well-known Application Software

In the current economic conditions, it is inevitable that free software, high-discount software, or open-source applications will be used. Although I would be the first to acknowledge the use of a large number of such applications within my own organization, it is vital to conduct a survey before using such software. Some free or low-cost applications are designed to push advertisements to users: others are designed to steal users' personal information or track their Internet browsing habits.

3: Try to use a common user account

As a best practice, administrators should try to use common user accounts. In the event of a malware infection, the malware usually has the same permissions as the attacker. Therefore, if the publisher has administrator permissions, the damage caused by malware is much greater.

4: create multiple administrator accounts

In the previous section, I discussed the importance of using a common account as much as possible, and pointed out that the Administrator account is used only when you need to perform operations that require administrator permissions. However, this does not mean that you have to use the domain administrator account.

If your organization has multiple administrators, you should create independent administrator accounts for each of them. In this way, once you perform an administrator operation, you can determine who did it. For example, if you have an administrator named JohnDoe, you have to create two accounts. One Administrator account can be used only when necessary. The accounts can be named JohnDoe and Admin-JohnDoe respectively.

5: Do not over-use audit logs

Although it is easy to create a security policy to track every possible event, there is a saying that it is too late. When auditing is used excessively, audit logs become very large, and it is almost impossible to find the required log records. Do not audit any events. On the contrary, it is better to focus on the most influential events.

6: Make good use of local security policies

Setting group security policies based on ActiveDirectory cannot replace the setting of local security policies. Remember, the security policy setting takes effect only when someone logs on with a domain account. If someone logs in with a local account, the group security policy does not work. The Local Security Policy helps you protect your machine when using your local account.

7. Review firewall configurations

You should deploy a firewall on the network border and each machine, but this is not enough. You have to review the list of excluded ports of the firewall to make sure that only necessary ports are opened.

The ports used by the Windows operating system already have a lot of strong colors, but you have to pay attention to whether there are firewall rules to open ports 1433 and 1434. These ports are used to monitor and remotely connect to the SQL Server and have become a favorite of hackers.

8: Practice Service Isolation

Whenever possible, you should configure your server to execute specific tasks. In this way, hackers can only access a group of specific services if the server lacks the server's resistance. I know that financial constraints usually force an organization to run multiple roles on the server. In such cases, you may be able to improve security through virtualization without increasing any costs. In a specific virtualization environment, Microsoft allows you to deploy multiple virtual machines on Windows2008R2, and the cost is only required to be authorized by a single server.

9: regular security Patching

Any patch must be tested before it is deployed on the production server. However, the testing process in some organizations is indeed too long. Although I certainly won't deny the importance of ensuring server stability, you also have to strike a balance between the right test needs and the right security needs.

When Microsoft releases a security patch, the patch generally targets a vulnerability with sufficient evidence. This means that hackers are already aware of this vulnerability and will look for opportunities in the vulnerabilities corrected by the patch if you have not applied the patch.

10: Use the Security Configuration Wizard

The Security Configuration Wizard allows you to create XML-based security policies. They can be applied to your server. Western Zhejiang policies can be used to enable services, configure settings, and Set firewall rules. Remember, the policies created by the Security Configuration Wizard are different from those created by the security template using the. INF file. In addition, you cannot use group policies to deploy Security Configuration Wizard policies.

Edit recommendations]