Windows Host Security: Network Security Hacks
By: O'Reilly Media
    2004-09-20

    Table of Contents:
  • Windows Host Security: Network Security Hacks
  • Run the Verbose Switch
  • Hack 22: Get a List of Open Files and Their Owning Processes
  • Hack 23: List Running Services and Open Ports
  • Hack 24: Enable Auditing
  • Hacks 25 and 26: Secure Your Event Logs, and Change Your Maximum Log Files Sizes
  • Hacks 27 and 28: Disable Default Shares, and Encrypt Your Temp Folder
  • Hacks 29 and 30: Clear the Paging File at Shutdown, and Restrict Applications Available to Users


    This chapter shows you some ways to keep your Windows system up-to-date and secure. Although many may scoff at the mention of Windows and security in the same sentence, you actually can make a Windows system fairly secure without too much effort. (Network Security Hacks by Andrew Lockhart, O'Reilly Media, ISBN: 0596006438, 2004.)

     

    This chapter shows you some ways to keep your Windows system up-to-date and secure, thereby making your network a safer place to work (and have fun). Although many may scoff at the mention of Windows and security in the same sentence, you actually can make a Windows system fairly secure without too much effort.

    One of the main reasons that Windows gets a bad rap is the poorly administered state in which Windows machines seem to be kept. The recent deluge of worm and virus attacks that have brought down many a network shows this to hold true. A lot of this can be traced back to the “ease” of administration that Windows seems to provide by effectively keeping the Windows administrator out of the loop about the inner workings of her environment—effectively wresting control from the system administrator’s hands.

    This chapter seeks to remedy that to some degree by showing you ways to see exactly what your server is really doing. While this may seem old hat to a Unix sysadmin, getting details on open ports and running services is often a new concept to the average Windows administrator. In addition, this chapter shows you how to disable some Windows “features,” such as sharing out all your files automatically and truncating log files. You’ll also learn how to enable some of the auditing and logging features of Windows, to give you early warning of possible security incidents (rather than waiting for the angry phone call from someone at the wrong end of a denial-of-service attack originating from your network).

    Hack 21: Check Servers for Applied Patches

    Make sure your Windows servers have the latest patches installed.

    Keeping a network of systems patched and up-to-date is hard enough in Unix, but it can be even more difficult on Windows systems. A lack of robust built-in scripting and remote access capabilities makes Windows unsuitable for automation. Nevertheless, before you even attempt to update your systems, you need to know which updates have been applied to each system; otherwise, you might waste time and effort updating systems that don’t need it. Clearly, this problem gets more difficult as the number of systems that need to be managed increases. We can avoid much of the extra work of manually updating systems by using the HFNetChk tool, which was originally a standalone program from Shavlik Technologies. It is now a part of Microsoft’s Baseline Security Analyzer (search http://download.microsoft.com) and is available through its command-line interface, mbsacli.exe.

    Not only can HFNetChk remotely check the status of Windows Server 2003 and Windows XP/2000/NT, but it can also check whether critical updates for IIS, SQL Server, Exchange Server, Media Player, and Internet Explorer have been applied. Although it can only check the update status of a system (and won’t actually bring the system up-to-date), it is still an invaluable timesaving tool.

    HFNetChk works by downloading a signed and compressed XML file from Microsoft that contains information on all currently available updates. This information includes checksums and versions of files covered by each update, as well as the registry keys modified by each update. Additional dependency information is also included. When scanning a system, HFNetChk will first scan the registry for the keys that are associated with the most current set of updates available for the current system configuration. If any of these registry keys are missing or do not match what is contained in the XML file, it will flag the update as not having been installed. If the registry key for an update is present and matches the information in the XML file, HFNetChk will then attempt to verify whether the files specified in the update information are present on the system and whether their versions and checksums match. If any of the checks fail, the update will be flagged. All flagged updates are then displayed in a report, along with a reference to the Microsoft Knowledge Base article with more information on the specific update.

    To get HFNetChk installed on your system, you first need to download and install the Microsoft Baseline Security Analyzer. To run HFNetChk, open a command prompt and change to the directory that was created during the install (C:\Program Files\Microsoft Baseline Security Analyzer is the default).

    To check the update status of the local system, run this command:

    C:\Program Files\Microsoft Baseline Security Analyzer> mbsacli /hf
    Microsoft Baseline Security Analyzer
    Version 1.1.1
    Powered by HFNetChk Technology - Version 3.82.0.1
    Copyright (C) Shavlik Technologies, 2001-2003
    Developed for Microsoft by Shavlik Technologies, LLC
    info@shavlik.com (www.shavlik.com)
    Please use the -v switch to view details for
    Patch NOT Found, Warning and Note messages
    Attempting to get cab from
    http://go.microsoft.com/fwlink/?LinkId=16932
    XML successfully loaded.
    Scanning PLUNDER
    .............................
    Done scanning PLUNDER
    ----------------------------
    PLUNDER(192.168.0.65)
    ----------------------------
    * WINDOWS XP SP1
    Note MS02-008 317244
    Warning MS02-055 323255
    Note MS03-008 814078
    Note MS03-030 819696
    Patch NOT Found MS03-041 823182
    Patch NOT Found MS03-044 825119
    Patch NOT Found MS03-045 824141
    Patch NOT Found MS03-049 828035
    Note MS03-051 813360
    * INTERNET EXPLORER 6 SP1
    Patch NOT Found MS03-048 824145
    * WINDOWS MEDIA PLAYER FOR WINDOWS XP SP1
    Information
    All necessary hotfixes have been applied.

    The first column tells why the check for a particular update failed. The second column shows which update failed the check, and the third column lists a Microsoft Knowledge Base (http://support.microsoft.com) article number that you can refer to for more information on the issue fixed by that particular update.
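    When the scan covers more than a handful of machines, the three-column report is easier to act on once it is parsed into records. The following Python sketch is an added example, not code from the book or from Microsoft; it assumes the report layout matches the sample run above (host header, `* PRODUCT` section lines, then status/bulletin/KB rows), and the function names `parse_report` and `missing_patches` are hypothetical.

```python
import re

# Result lines abridged from the mbsacli /hf run shown above.
SAMPLE_REPORT = """\
----------------------------
PLUNDER(192.168.0.65)
----------------------------
* WINDOWS XP SP1
Note MS02-008 317244
Warning MS02-055 323255
Patch NOT Found MS03-041 823182
Patch NOT Found MS03-049 828035
* INTERNET EXPLORER 6 SP1
Patch NOT Found MS03-048 824145
* WINDOWS MEDIA PLAYER FOR WINDOWS XP SP1
Information
All necessary hotfixes have been applied.
"""

# Host header, e.g. "PLUNDER(192.168.0.65)"
HOST_RE = re.compile(r"^(?P<name>[^\s()]+)\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)$")
# Column 1: status, column 2: bulletin, column 3: Knowledge Base article number
FINDING_RE = re.compile(
    r"^(?P<status>Patch NOT Found|Warning|Note)\s+(?P<bulletin>MS\d{2}-\d{3})\s+(?P<kb>\d+)$")

def parse_report(text):
    """Return one dict per finding: host, ip, product, status, bulletin, kb."""
    findings, host, ip, product = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:  # a new host block starts; reset the product section
            host, ip, product = m["name"], m["ip"], None
            continue
        if line.startswith("* "):  # product section header
            product = line[2:]
            continue
        m = FINDING_RE.match(line)
        if m and host and product:  # ignore rows outside a host/product block
            findings.append({"host": host, "ip": ip, "product": product, **m.groupdict()})
    return findings

def missing_patches(findings):
    """Group bulletins flagged 'Patch NOT Found' by (host, product)."""
    missing = {}
    for f in findings:
        if f["status"] == "Patch NOT Found":
            missing.setdefault((f["host"], f["product"]), []).append((f["bulletin"], f["kb"]))
    return missing
```

    Products that report "All necessary hotfixes have been applied." produce no rows, so they never appear in the `missing_patches` result.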
