Resources and Security Risks Terms
- Local resource: Employee workstation
- Network resource: Router
- Server resource: FTP server
- Database and information resource: SQL
- IP spoofing: Assuming the identity of another host
- Packet sniffing: Using a special program to read information as it passes across the network wire A packet analyzer or packet sniffer is a computer program or piece of computer hardware that can intercept and log traffic that passes
over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet,
and analyzes its content according to the appropriate RFC or other specifications.
Packet capture is the process of intercepting and logging traffic.
- Trojan horse: An illicit service used to defeat authentication and access control
- Denial of service: Crashing a system so that it can't participate on the network
- Social engineering: A seemingly innocent email leads to a security breach
Network Security Essentials
Users and system administrators should adhere to a number of good operating techniques. These techniques or procedures reinforce the security configuration and hardening that has already been put into the Windows workstation.
Adhere to policies
It is important that users adhere to security policies within an organization. Often these policies will be established to coordinate the various security measures across an organization. A risk in one area may be mitigated by establishing a security control on the Windows workstation. For example, there may be a subnet on the corporate LAN that routinely has untrusted users on it (perhaps for training non-employees). The company security policy may require an added rule in the personal firewalls on all Windows workstations to block access from that subnet. If the Windows workstation administrator were to remove this rule, the workstation would be at greater risk.
Minimize use of administrator account
It is often the case that normal users on a Windows workstation will also have access
to the administrator account. The user will occasionally have to log in as administrator to install software or to do a number of other administrative-level tasks. If possible, the user should resist the temptation to stay in the administrator account. Best
security practices would dictate that the user use the administrator account only when absolutely necessary. Any protection afforded the Windows workstation due to the limitation of privileges or the protection of files will be bypassed if the user
always uses the administrator account out of convenience.
Enforce good data handling
The Windows security risk can be significantly reduced by practicing good data handling. The proper handling required for the data depends on the environment in which the Windows workstation is placed. If the workstation is on the Internet or in a DMZ,
it should have no critical or sensitive data. If the workstation is on an intranet, it can have company-sensitive data, but should not have personal data. If the workstation is on a personal or private network, it can have any level of sensitive and private data.