_____________
General
Information
Five Windows operating systems are widely used at Berkeley
Lab: Windows 95, Windows 98, Windows NT, Windows 2000, and
Windows XP. In addition, Micosoft has recently released its
Windows 2003 server. Each of these operating systems differs
in terms of potential for achieving reasonable security levels.
Windows 95 and 98, for example, have little security potential.
Windows NT has a higher potential for security, although a
very large number of security-related vulnerabilities have
been identified in this product. Windows 2000 has a still
higher security potential, XP has more security potential
than W2K, and the new Windows Server 2003 has the highest
potential of all. However, the more complex the system, the
more things you will have to do to achieve the desired level
of security.
The
major mistake made in dealing with security in Windows operating
systems here at LBNL is in having systems that are not members
of domains. LBNL has a central domain—every system that
is a member of this domain receives a level of protection
that is not possible for independent systems. Many users also
make the mistake of assuming that Windows systems are secure
right after installation. Nothing could be farther from the
truth. Out-of-the-box configurations leave a lot to be desired
from a security standpoint. Securing these systems thus also
requires setting system parameters properly. Other important
security-related measures for these systems include keeping
antivirus software updated, installing the latest Service
Packs and Hot Fixes, ensuring that shares have adequate protection,
and filtering out undesirable connection attempts.
Training
and awareness courses in Windows systems security are offered
at the Lab on a regular basis. Attending one or more of these
courses can help you learn what you can do to improve the
security of your system(s).
|
