We know that for you as DBAs, network security was atop your list of
concerns in 2006. With this in mind, our tips this year were geared
toward helping you solve a variety of problems, including degraded
performance during testing, protecting your users from themselves
and password insecurity.
Of course, those aren't the only issues we cover. We also tackle
a Windows VPN alternative, when to pull the plug on network
isolation, open source tools and more. Here are the top 10 network
security tips from the past year on SearchWindowsSecurity.com.
TrueCrypt: Free encryption utility
In the mobile world the only sure way to secure sensitive data is
with encryption. But any such encryption utility has to be easy to
use on Windows machines. Contributor Serdar Yegulalp takes an
extensive look at a free partition- and disk-level encryption
utility called TrueCrypt that is both effective and easy to
use.
Open source Windows security tools
For Windows security, open source tools are often an afterthought,
but they can be more flexible than Microsoft tools and less costly
than third-party tools. Contributor Tony Bradley reviews a few of
the lesser-known open source security tools.
Free tool review: AccessChk permissions checker
Administrators typically go to great lengths to make sure that
network servers are secure. Mistakes do happen, though. It is not
uncommon for security groups to have overlapping or even
contradictory permissions. Contributor Brien Posey reviews a
permissions-testing tool called AccessChk that helps with this
problem.
Active Directory Federation Services
ADFS sounds complicated. Not so, according to contributor Jonathan
Hassell. Hassell steps you through the ADFS process, including what
you'll need to make it work.
Building better password policies
In some cases, passwords are your network's last line of defense, and
your only tool to ensure strong passwords is your password policy.
Contributor Kevin Beaver suggests tweaking your policy to improve
security and usability and discusses ways to get management on
board.
OpenVPN: An open source alternative to Windows VPNs
Depending on your network needs, you may want to deploy an IPSec
VPN to provide secure remote access to your workforce.
Cost-conscious Windows shops will often stick with Windows
offerings, but this article from Justin Korelc and Ed Tittel
describes an open source VPN alternative called OpenVPN that is
both scalable and simple.
How to (really) harden Windows clients
Hardening Windows clients with a long checklist or an auditor's
suggestions might be overkill, according to contributor Kevin
Beaver. Take a look at his bare-minimum checklist and his
recommendations for hardening clients according to vulnerability
assessments.
Microsoft Rights Management Services: An introduction
Don't be confused or apprehensive about RMS. Contributor Serdar
Yegulalp explains the technology, what you'll need, how to use it
and its limitations.
Minimize Windows security testing's impact on performance
Testing security is a good thing, but if you're not careful you
could adversely affect your Windows networks and systems.
Contributor Kevin Beaver has extensive security testing experience
and tells you how and when to test to keep the network impact as
small as possible.
Network isolation: When to pull the plug
When security comes up, there is always a discussion of isolating a
sensitive server, but this is often impractical. Contributor Serdar
Yegulalp discusses four ways to isolate sensitive servers and their
data.