Network access control learning guide

From PDAs to insecure wireless modems, users have myriad options for connecting to -- and infecting -- the network. Created in partnership with our sister site, this guide offers tips and expert advice on network access control. Learn how unauthorized users gain network access, how to block and secure untrusted endpoints, and get Windows-specific and universal access control policies and procedures.

From PDAs and laptops to insecure wireless modems, Windows users have options for connecting to and infecting networks. Created in partnership with our sister site, this network access control guide offers tips and expert advice on how to run a properly secured Windows network. Learn how to mitigate who can and cannot enter your network, how unauthorized users gain network access, how to block and secure untrusted endpoints as well as Windows-specific and universal access control policies and procedures.

Controlling network access

  • Hunting down a hacker
    Track down users who have hacked your Windows network with this advice from networking security expert Wes Noonan.

  • Active Directory Security School
    No matter how secure all the layers of your network might be, poor Active Directory (AD) security can render the rest of your security measures useless. Find the answers to all of your AD questions in this security school.

  • Network Access Quarantine Control vs. Network Access Protection
    With the number of mobile devices and remote workers growing, network quarantining has been a popular topic lately. Contributor and Network Access Quarantine Control expert Jonathan Hassell compares the features of NAQC with the forthcoming Network Access Protection (NAP) program and advises on if and when to deploy a network quarantining solution.

  • Network Access Quarantine Control
    Windows Server 2003's Network Access Quarantine Control (NAQC), part of the Resource Kit, prevents remote users from connecting to your network with machines that aren't secure. Contributor Jonathan Hassell provides step-by-step instructions on how NAQC works and how to configure it.

Securing remote access points

Remote access and security for remote users has become a hot topic for security professionals as telecommuting has grown in popularity. A horde of remote users adds a number of new security problems for Windows security admins, including endpoint security, VPN security and remote user education.

This growing list of security concerns is a treasure chest for potential hackers, as they can steal a user's notebook computer, hack into an insecure VPN or take advantage of uneducated users. In this section, pick up a few tips on how to ensure that your remote access security is as tight as possible.

Remote access security tips

  • Firewall settings for remote Windows users
    If you feel like your remote users would be best protected by Windows Firewall but your network is not set up for this, Windows networking security expert has the answer to your troubles.

  • Remote access as an attack vector
    In this excerpt of Chapter seven from "The Black Book on Corporate Security," read about remote desktop security. Authors Howard Schmidt and Tony Alagna analyze how "unmanaged" remote access can serve as an attack vector.

  • Remote system security checklist
    Remote system security has become more critical as growing numbers of distributed workforces are removed from a controlled central network. CISSP Kevin Beaver provides a list of items to lock down on remote systems.

Endpoint security tactics

Endpoint security is the security of physical devices which may literally fall into the hands of malicious users. Given the rapid growth of employees who use laptop computers, securing network endpoints has become of paramount concern for security administrators.

Traditional means of securing the endpoint are going by the wayside. A firewall alone is no longer enough to defend your network from the myriad threats that remote users, malicious hackers and the age of easy-access information have wrought. In the summer of 2006, a laptop containing personal data on nearly 30 million military veterans and active duty personnel was stolen from an employee of the U.S. Department of Veterans' Affairs. In April of 2007, a laptop containing information on 160,000 employees of Neiman Marcus was stolen. Follow the tips below to learn how to prevent such a disaster from befalling yourself and your users.

Endpoint security tips

  • Plan for a security breach, step by step
    Prepare for a security breach using this step-by-step guide. Your plan should include important contact info, methodical response steps and walk-through drills.

  • Keeping pace with emerging endpoint security technologies
    Check out this overview of endpoint security technology advancements and explains where the technology is headed.

  • Discussion: Laptop security
    Read this discussion on laptop data security for some helpful user-to-user advice on how to secure the files on your notebook computer(s).

  • Endpoint security: Guard your network at the desktop
    The days of securing a network by hardening the perimeter are gone. Now endpoint security is the latest solution to network security. Read contributor Tony Bradley's primer on endpoint security techniques.

Windows Firewall

Windows Firewall is Microsoft's overhaul of their previous firewall, Internet Connection Firewall (ICF). In general, according to Windows security expert Mark Minasi, a "firewall refers to any of a number of ways to shield a computer network from other networks." When one of the "other networks" includes the vast space of the internet, it becomes clear that a firewall is a necessary security tool for any Windows network.

Excerpts from Mark Minasi's book, "Mastering Windows Server 2003 Upgrade Edition for SP1 and R2" can be found in the tips below, along with a short series of tips and advice from our Windows security experts. Learn how to set up IPsec bypass, permit Ping, make server applications work with Windows Firewall and more.

Windows Firewall tips

  • Locking up the ports: Windows Firewall

    This upgrade to best-selling author Mark Minasi's Mastering Windows Server 2003 covers all the undocumented updates and new features for Windows Firewall in Service Pack 1 and Windows Server 2003 R2. With clear and easy instruction, this book update tells you all about the SP1 and R2, including security enhancements, management and administration tools. If you work with or depend on Windows Server 2003, this book is for you.

  • Managing Microsoft's Windows Firewall
    Microsoft's Windows Firewall can give network admins a headache. Check out the advice of our Windows security experts to find out when to use Windows Firewall, how to configure it for remote users and what can cause Windows Firewall to automatically shut down.


Virtual private networks (VPNs) allow remote employees to access their company's respective network. Of course, when a number of VPNs are run through the internet, several security questions are raised. Do my users need extra security? Does my network need extra security precautions? How easily can a hacker access my network through my employee's VPN connection?

While a VPN traditionally comes with its own extra precautionary security measures, that does not mean that a VPN does not create extra risk. Check out the tips below to learn how to give your VPN a penetration test and read a series of VPN quick tips.

VPN security tips

  • VPN quick tips
    Choose the best VPN technology for your enterprise learn to maintain your VPN once it is deployed with this collection of VPN security tips.

  • Pen testing your VPN
    Your VPN is a vital gateway into your network for your company's road warriors, telecommuters and other remote users. This tip looks at why it's important to add VPN security to your list of concerns.

This was first published in May 2007



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: