• Choose a category
• All
• Classic-Fiction

Internet content filters, while not included with every operating system by default, are plentiful and can be readily found for any operating system with a simple web search. It is highly recommended that you place content filters on all servers (NAT, proxy, etc.) facilitating client access as well as on the workstations themselves. This provides two levels of security that can keep errant pages out.

However, the Security applet, beneath the Control Panel, is the main interface for security features in Vista. From here, you can configure Windows Firewall, automatic scans of your computer, and Windows Defender. One of the newest security features that is available only in the Enterprise and Ultimate versions of Vista is Bitlocker. Bitlocker is a whole disk encryption feature that can encrypt an entire volume with 128-bit encryption. When the entire volume is encrypted, the data is not accessible to someone who might boot another operating system in an attempt to bypass the computer’s security.

The Microsoft security website is at http://www.microsoft.com/security/, and it is the first place to turn to for up-to-date information on operating system issues.

Hardening Microsoft Windows XP

Windows XP functioned as a replacement for both the Windows 9x family and Windows 2000 Professional. There are multiple versions of Windows XP, including the Home, Media Center, and Professional editions, but Microsoft is currently planning to discontinue supporting it in the near future in favor of Windows Vista.

The Windows XP Home edition was intended specifically to replace Windows 9x clients, while Media Center added entertaining options (such as a remote control for TV) and Windows XP Professional was designed for the corporate environment. Windows XP Professional has the ability to take advantage of the security possible from Windows 200x servers running Active Directory.

The service packs fix minor security openings within the operating system, and as of this writing, three such service packs have been released.

One of the best tools to use when looking for possible illicit activity on a workstation is Systems Monitor (also known as System Monitor). This utility can be used to examine activity on any counter, and excessive processor usage is one worth paying attention to if you suspect the workstation is affected or being illegitimately accessed. In previous versions of Windows-based operating systems, this utility was a standalone menu choice. With Windows XP, it became a subcomponent (a snap-in) in the Performance Console. To access it, choose Start Run and type perfmon.msc. By default, System Monitor comes up showing three counters: Pages/sec, Avg. Disk Queue Length, and % Processor Time. To add more counters, right click in the right pane and choose Add Counters from the popup menu.

Hardening Windows Server 2003

At the time the questions for this exam were written, Windows Server 2008 had only recently been released. As a result, the exam does not include questions specific to Windows Server 2008.

Windows Server 2003 was released in four variants:

■ Web edition

■ Standard edition

■ Enterprise edition

■ Datacenter edition

This product introduced the following features to the Microsoft server line:

■ Internet connection firewall

■ Secure authentication (locally and remotely)

■ Secure wireless connections

■ Software restriction policies

■ Secure Web Server (IIS 6)

■ Encryption and cryptography enhancements

■ Improved security in VPN connections

■ PKI and X.509 certificate support

In short, the goal was to make a product that is both secure and flexible. Since a server is only as secure as the workstations connected to it, one of the best ways to keep the network safe is by utilizing Group Policies and regularly reviewing them. Group Policies replace System Policies, which existed in Microsoft operating systems prior to Windows 2000.

With a Group Policy, you create restrictions