Today's lesson covers security considerations for Windows. We're going to discuss the areas where it may not be so obvious how to secure a Windows environment, and explain why it's a good idea to build a layered security approach into our environment. We're going to discuss points that, in my experience, have taught me to go further than relying on the technology alone.

Consideration one: assessing your environment. Windows can't protect you from everything. No matter how much you configure Windows to protect you, you still rely on the end user to help you with security. Whether you're in a small organization or you're just a home user, you can't just configure your system to protect you. You have to have something guarding you at the edge, and that is knowledge: the end user's knowledge of security. Even with the security enhancements that Windows has built in over the years, security is still a problem. Somebody inevitably installs an older piece of software that they forgot about, and we need to monitor for that; we need to assess for that, okay? An example of this would be patches. We need to have something that is looking at our patch levels and making sure that we are adequately applying updates to our systems. Several years ago, we actually did this at the University and realized that we were missing some updates even though Windows Update Server said that we were completely up to date on patches. So make sure you have something assessing your environment from the outside in, not from the inside out.

Consideration number two: what I just said a minute ago, monitoring. Something needs to be monitoring your environment; something needs to be looking at the security logs. The security logs are a mess. So, if we go to Windows Event Viewer, we see a bunch of different... well, the four Event logs that we can actually look at.
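The "assess from the outside in" point above can be turned into a concrete check. The following is an added example for this page, not the lecturer's script: it asks the Windows Update Agent (the `Microsoft.Update.Session` COM object) what is missing twice, once through whatever update source the machine is configured for (WSUS, if Group Policy points it there) and once directly against Windows Update, then reports anything the direct search finds that the managed view did not. The function names and the script file name in the usage comment are assumptions for the example.

```powershell
# Added example, not from the lecture. Compares the "managed" patch view
# (WSUS or local policy) with what Windows Update itself reports for this host.
# Run in an elevated PowerShell on the target; the direct search needs
# outbound HTTPS to Windows Update.

function Search-MissingUpdates {
    [CmdletBinding()]
    param(
        # IUpdateSearcher.ServerSelection: 0 = ssDefault (WSUS if configured, else Windows Update),
        # 1 = ssManagedServer (WSUS only), 2 = ssWindowsUpdate (Microsoft directly)
        [ValidateSet(0, 1, 2)]
        [int]$ServerSelection = 0
    )
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $searcher.Online          = $true
    $searcher.ServerSelection = $ServerSelection
    # Standard WUA search criteria: applicable to this machine, not installed, not hidden
    $result = $searcher.Search("IsInstalled=0 and IsHidden=0")
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Title    = $u.Title
            Severity = $u.MsrcSeverity
            Source   = switch ($ServerSelection) { 0 { 'managed' } 1 { 'wsus' } 2 { 'windowsupdate' } }
        }
    }
}

function Compare-PatchView {
    [CmdletBinding()]
    param()
    $managed = @(Search-MissingUpdates -ServerSelection 0)   # what the configured source says
    $direct  = @(Search-MissingUpdates -ServerSelection 2)   # what Windows Update says

    $managedKBs   = $managed | ForEach-Object { $_.KB }
    $onlyPerDirect = $direct | Where-Object { $managedKBs -notcontains $_.KB }

    [pscustomobject]@{
        Computer                = $env:COMPUTERNAME
        MissingPerManaged       = $managed.Count
        MissingPerWindowsUpdate = $direct.Count
        # Non-empty here means the managed view is under-reporting, as in the lecture's WSUS story
        MissingOnlyPerDirect    = $onlyPerDirect
    }
}

# Usage on one host; for a fleet, save this as Compare-PatchView.ps1 (assumed name) and run
# Invoke-Command -ComputerName srv01, srv02 -FilePath .\Compare-PatchView.ps1
Compare-PatchView | Format-List
```

If the host cannot reach Windows Update, `Search()` throws a COM exception rather than returning an empty list, so a blocked egress path shows up as an error and not as a clean bill of health. Superseded or declined updates can legitimately differ between the two views, so treat a non-empty `MissingOnlyPerDirect` as something to investigate, not as an automatic failure.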
But if we break those down and look at how many security events we get in a day, we have thousands and thousands of security events. We have to understand what is important for us to look at. Those are generally security events, but they could also be Windows errors, system update errors, or application crashes. You may not know that you even have a problem until you start looking at the data. Use another system to monitor that critical infrastructure. What happens if a server gets taken over by an attacker who wipes out all the logs? How do you know what that system did? How did they get in? So we monitor from an external source. This is very easy to do; there are plenty of programs out there to send that kind of information. How do you know whether something is working or not working? We have to look at logs to determine that. Here at the University, we use Splunk. Splunk gives us information on a lot of the different Windows servers that we have running.

Consideration number three: use a layered security approach. This means defense in depth. So we use Windows Firewall, we use Windows Defender, and we use the knowledge that we shouldn't have all kinds of applications running on our system. A firewall can't protect us from everything, just like we can't expect anti-virus to protect us from every virus out there, so we need multiple layers. I haven't used this in this class, but when I talk about a layered security approach, think about your residence. I'll give you an example of my residence, okay? I've got a security alarm, I've got a front door, I've got a screen door, and I've got two dogs that bark at absolutely everything they hear outside. So think of those security measures as the layers of your computer. Your front door is your password, okay? Your screen door may be your firewall, blocking things from coming in. The windows on the outside of your house may be open ports, okay? And the dogs are the anti-virus, okay?
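Consideration two above says the Security log has thousands of events a day and that we have to decide what matters and read it from a separate system. The following is an added example for this page, not code from the lecture or from Splunk: it pulls a short list of standard Security audit event IDs from a server over the last 24 hours (from another host when `-ComputerName` is given), reads the fields by name from each event's XML, and reduces the result to the few patterns worth a human's attention. The function names and the failed-logon threshold are assumptions for the example.

```powershell
# Added example, not from the lecture. Needs an elevated session; for a remote
# -ComputerName, the "Remote Event Log Management" firewall rule group must be
# enabled on the target and the caller needs Event Log Readers rights there.

# Standard Windows Security auditing event IDs and what they mean.
$WatchList = @{
    1102 = 'Audit log cleared'
    4625 = 'Failed logon'
    4672 = 'Special privileges assigned to new logon'
    4719 = 'System audit policy changed'
    4720 = 'User account created'
    4732 = 'Member added to security-enabled local group'
}

function Get-HighSignalSecurityEvents {
    [CmdletBinding()]
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$Hours = 24
    )
    $filter = @{
        LogName   = 'Security'
        Id        = [int[]]$WatchList.Keys
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    try {
        $events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # Get-WinEvent throws instead of returning nothing when no event matches the filter
        if ($_.Exception.Message -like '*No events were found*') { return }
        throw
    }
    foreach ($e in $events) {
        # Read fields by name from the event XML rather than by position in $e.Properties,
        # and without relying on $e.Message, which needs the provider's message DLL and is
        # often empty when the log is read from another host.
        $data = @{}
        $x = [xml]$e.ToXml()
        foreach ($d in $x.Event.EventData.Data) { $data[$d.GetAttribute('Name')] = $d.InnerText }
        # Event 1102 stores its fields under UserData/LogFileCleared instead of EventData
        if ($x.Event.UserData) {
            foreach ($n in $x.Event.UserData.FirstChild.ChildNodes) { $data[$n.LocalName] = $n.InnerText }
        }
        [pscustomobject]@{
            Time      = $e.TimeCreated
            Id        = $e.Id
            What      = $WatchList[[int]$e.Id]
            Subject   = $data['SubjectUserName']   # who did it
            Target    = $data['TargetUserName']    # account (4625/4720) or group (4732) acted on
            Member    = $data['MemberName']        # account added to the group (4732)
            SourceIp  = $data['IpAddress']         # 4625 only
            LogonType = $data['LogonType']
        }
    }
}

function Get-SecurityAlerts {
    param(
        [object[]]$Events,
        [int]$FailedLogonThreshold = 20   # assumed threshold; tune to the host's normal traffic
    )
    $alerts = @()
    # Log clearing and audit policy changes are always worth a look on their own.
    foreach ($e in $Events | Where-Object { $_.Id -in 1102, 4719 }) {
        $alerts += "$($e.Time) [$($e.Id)] $($e.What) by $($e.Subject)"
    }
    # Brute-force signal: many failed logons from one source address.
    $Events | Where-Object { $_.Id -eq 4625 } | Group-Object SourceIp |
        Where-Object { $_.Count -ge $FailedLogonThreshold } |
        ForEach-Object {
            $accounts = ($_.Group.Target | Select-Object -Unique) -join ', '
            $alerts += "$($_.Count) failed logons from $($_.Name) against: $accounts"
        }
    # Account creation and local group membership changes: low volume, always review.
    foreach ($e in $Events | Where-Object { $_.Id -in 4720, 4732 }) {
        $alerts += "$($e.Time) [$($e.Id)] $($e.What): $($e.Target) $($e.Member) by $($e.Subject)"
    }
    $alerts
}

$events = Get-HighSignalSecurityEvents -ComputerName $env:COMPUTERNAME -Hours 24
$events | Group-Object What | Select-Object Count, Name | Sort-Object Count -Descending
Get-SecurityAlerts -Events $events
```

The point of collecting from another host, as the lecture says, is that an attacker who clears the log on the server cannot remove the copy that was already read; a 1102 "Audit log cleared" event is itself the alert. Which IDs appear at all depends on the audit policy in force on the target, so an empty result for 4720 or 4732 may mean the subcategory is not being audited rather than that nothing happened.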
They're protecting you against what may harm you. For example, password security policies may actually have the opposite effect from the one you want. Let me explain this a little bit. Several years ago, we actually put in a security policy - not a password policy per se - that basically said you must have Windows updates turned on and all patches must be applied before you can get on the network. It was very restrictive, and users found a way around it. So if we use a layered security approach, which also includes making sure security isn't cumbersome for users, then we have better security in general.

Security consideration number four: your end users need your help. Okay? Providing help or assistance to users when they need it is ultimately the best thing that you can do. Tell them when they're doing something wrong or provide them guidance; train them to understand why we do things certain ways; explain why we need a 14-character password instead of an 8-character password, because it's going to protect them better. Not everything is as intuitive as Microsoft thinks it is. If we run a help desk, or if we run Windows servers where you turn on Remote Desktop Services, you know, these are intuitive things for us, maybe, but not to a layman. While some decisions may seem obvious to you, they may not seem obvious to someone else. So explain the decisions that you make when you're considering any security features for Windows, or password policies, or any technical policies for that matter. Make sure that you explain things to users in a concise way. They will go very far in your lack of a next data brief.
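The house analogy in consideration three (screen door = firewall, windows = open ports, dogs = anti-virus) can be checked on a real host. The following is an added example for this page, not the lecturer's code: it lists each firewall profile's state, every listening TCP port with its owning process and the enabled inbound Allow rule that opens it, and Windows Defender's real-time status, so the layers sit side by side. It uses the NetSecurity, NetTCPIP and Defender modules that ship with Windows 8.1 / Server 2012 R2 and later; the function names are assumptions for the example.

```powershell
# Added example, not from the lecture. Run in an elevated PowerShell on the host.

function Test-PortInRule {
    # Firewall LocalPort values can be 'Any', a single number, or a range such as
    # '49152-65535'. Placeholders like 'RPC' and 'RPC-EPMap' are not resolved here.
    param([int]$Port, [string[]]$RulePorts)
    foreach ($p in $RulePorts) {
        if ($p -eq 'Any') { return $true }
        if ($p -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($p -match '^\d+$' -and [int]$p -eq $Port) {
            return $true
        }
    }
    return $false
}

function Get-HostLayers {
    [CmdletBinding()]
    param()

    # Layer 1, the screen door: is the firewall on, and what happens to unmatched inbound traffic?
    $profiles = Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

    # Enabled inbound Allow rules with their TCP port filters, collected once up front.
    $allowRules = foreach ($r in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
        $pf = $r | Get-NetFirewallPortFilter
        if ($pf.Protocol -in 'TCP', 'Any') {
            [pscustomobject]@{ Name = $r.DisplayName; Profile = $r.Profile; Ports = @($pf.LocalPort) }
        }
    }

    # Layer 2, the windows: what is listening, who owns it, and which rule lets it in?
    $ports = Get-NetTCPConnection -State Listen |
        Sort-Object LocalPort, LocalAddress -Unique |
        ForEach-Object {
            $conn  = $_
            $proc  = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
            $rules = $allowRules | Where-Object { Test-PortInRule -Port $conn.LocalPort -RulePorts $_.Ports }
            [pscustomobject]@{
                Port      = $conn.LocalPort
                Bound     = $conn.LocalAddress   # 127.0.0.1 / ::1 listeners are not reachable from outside
                Process   = if ($proc) { $proc.ProcessName } else { "pid $($conn.OwningProcess)" }
                AllowedBy = if ($rules) { ($rules.Name | Select-Object -Unique) -join '; ' }
                            else { '(no enabled inbound allow rule)' }
            }
        }

    # Layer 3, the dogs: is anti-virus actually running and current?
    $defender = Get-MpComputerStatus |
        Select-Object AntivirusEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated

    [pscustomobject]@{ Firewall = $profiles; Listening = $ports; Defender = $defender }
}

$layers = Get-HostLayers
$layers.Firewall  | Format-Table -AutoSize
$layers.Listening | Format-Table -AutoSize
$layers.Defender  | Format-List
```

Piping every rule through `Get-NetFirewallPortFilter` is slow on a host with hundreds of rules, so this is a periodic audit rather than something to run on every logon. A port that shows `(no enabled inbound allow rule)` while a profile's `DefaultInboundAction` is `Block` is a window with the screen still on it; a port that is allowed by a broad rule, or by a profile that is disabled, is one the firewall layer is not protecting and only the other layers (the service's own authentication, and anti-virus) stand behind.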