Clareity Consulting - Publications - Real Estate focused Security Articles - Your Next Computer

Real Estate Information Technology Consultants

Security Articles

Your Next Computer – Vista, 2008 Server and Security

Author: Clareity Consulting (www.callclareity.com)

Many of my consulting clients are planning hardware replacements and since most still use Microsoft products they are asking about the security of the next generation of Microsoft Windows. Here are some key points:

Windows Vista includes many exciting security features, including improved Firewall, Defender, and a Malicious Software Removal Tool. It allows for more organizational control over software installations via Software Restriction Policies. For the more technically minded, one can also download and install security templates from Microsoft that make the computer harder to hack into – but it can take a more technically minded person to do this without causing computer problems.

Despite all of these capabilities, Vista does not come thoroughly secured 'out of the box', and to get a handle on how to secure Vista one needs to download, understand, carefully test, and implement the many items described in the Windows Vista Security Guide available from Microsoft at http://technet.microsoft.com/en-us/bb629420.aspx.

One of the security features that comes built in with Vista is called User Account Protection (UAP). It makes you either click 'OK' or type a password on endless dialog boxes to do anything that requires administrative privileges. While this feature may work for computers where people don't do much but surf the web and read email, it's infuriating to anyone else, especially actual system administrators, who would likely rather maintain two accounts - one user account and one where they can get work done without all the extra clicks. The biggest problem with this feature is that all these dialogs eventually blur into a "click to get work done" button that nobody bothers to read any more. I don’t think this feature was well thought out.

Then, there's Windows Server 2008. The best thing about that operating system is that you can install it for a specific role (e.g. web, mail, or file server) and only those parts of the operating system needed to fulfill that role get installed or activated. Not only should this make the computer more efficient, but it makes the servers more secure. There are also other useful security features, including fine-grained password policies and easier to use and manage encryption – a must for those who store sensitive information.

Another very exciting Server 2008 feature is Network Access Protection (NAP). NAP monitors the health of computers when they connect or communicate with the network. NAP can check computers running Windows Vista, Windows Server 2008, or Windows XP with Service Pack 3 for firewall, antivirus, and antispyware settings and to ensure that Microsoft Update Services is enabled (so that security patches are downloaded). Noncompliant computers can be given limited connection to your network and redirected to a site where they can find out how to fix problems.

For those of you actively looking at deploying Windows Server 2008, there's also a security guide for that OS: http://www.microsoft.com/downloads/details.aspx?familyid=fb8b981f-227c-4af6-a44b-b115696a80ac You may also wish to look for the "Changes in Functionality from Windows Server 2003" document on the Microsoft site.

Hopefully, your company policy ensures that someone is responsible for making sure computers are set up securely and security is maintained. While there’s no such thing as “100% Secure” if you take advantage of the new features Microsoft is offering through its next generation of operating systems, you can really raise the bar for security.

About the author: Matt Cohen is Clareity Consulting's Chief Technologist and leads its security assessment practice. Matt has spoken at many conferences, workshops and leadership retreats around the country on security related topics, and is a well-regarded real estate industry expert on software design, product management, project management, data center reliability, scalability, and security. Clareity Consulting was founded in 1996 to provide information technology consulting to the real estate industry and its related businesses.