O'Reilly Hacks
Windows Server Hacks
By Mitch Tulloch
March 2004

HACK #77
Security FAQ
Rod Trent, CEO of myITforum.com, shares his answers to common security questions

At myITforum.com (http://www.myitforum.com), we often get questions regarding general network-security issues, and I try to answer them in the form of a Security FAQ. Here's a short selection of the most common questions we receive, along with my responses. You can find more security tips at myITforum.com.

Steps to Computer Security

Q: What can I do to make sure my computer is secure?

A: It depends on whether you are a consumer or a business.

Businesses

Businesses should follow a similar but more involved procedure. Start by verifying the configuration of your firewalls for both the Internet and your intranet. Auditing your firewall configurations ensures that they comply with your company's security policy. Firewalls are your first line of defense, and best practice requires blocking all ports that are not actually being used by applications on your network. Businesses should also protect their networks by requiring employees to follow the precautions outlined by Microsoft (http://www.microsoft.com/protect/) on both their home PCs and laptops, especially if they use these machines to connect to your enterprise. PCs and laptops that connect to your network through VPN or RAS must be protected by a properly configured firewall.

Businesses must also keep their systems up to date with the latest security patches from Microsoft. To do so, subscribe to Microsoft's free security notification service and use Microsoft update services to automatically obtain patches for your network, see for more information. Finally, businesses should invest in antivirus software, because such protection is absolutely essential for keeping sensitive business data safe from attackers.

How Microsoft Handles Security

Q: Is there any documentation on how Microsoft handles security against worms and viruses?

A: Yes. Microsoft has released a "Security at Microsoft" white paper on how they handle security issues (http://www.microsoft.com/downloads/details.aspx?FamilyID=73f1ba8e-a15c-4c05-be87-8d21b1372485). This paper describes what Microsoft's Corporate Security Group does to prevent malicious or unauthorized use of digital assets at Microsoft. This asset protection takes place through a formal risk-management framework, risk-management processes, and clear organizational roles and responsibilities. The basis of the approach is recognition that risk is an inherent part of any environment and that risk should be proactively managed. The principles and techniques described in Microsoft's white paper can be employed to manage risk at any organization.

Getting Government Security Clearance

Q: How can you apply for security clearance for a government job?

A: In our daily newsletter at myITforum.com (http://www.myitforum.com/newsletter.asp), we sometimes post open positions for jobs in the government sector that require special security clearance before applying. Several folks have wondered what it takes to get the security clearance, and a list of good tidbits of information was posted to the myITforum.com Off-Topic list (http://www.topica.com/lists/myOTforum/). Here are some additional places where you can find information on government security clearance:

FBI Information Sheet: http://www.fbi.gov/clearance/securityclearance.htm

Security Clearance for IT Pros: http://www.jobcircle.com/career/coach/jf_2002_09.html

Security Clearances: http://www.taonline.com/securityclearances/

Rod Trent



© 2007 O'Reilly Media, Inc.