Re: Security Treats
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: Sat, 25 Sep 2004 18:13:29 GMT
That is a huge topic. But here are some for my two cents and are not related to
Windows 2000 necessarily.
-- No or improperly configured firewalls.
-- No or inadequate backup and disaster recovery strategy.
-- No or poor password and account lockout policy.
-- Not keeping current with critical updates.
-- No or poor implementation of a strategy to manage risks for viruses, worms,
-- Misconfigured operating systems - particularly domain controllers and dns.
-- No or not enforced computer user policy.
-- Unauthorized computers allowed on the network.
-- Letting users be local administrators when they do not need to be.
-- Not using Group Policy to manage/enforce Internet Explorer security settings.
-- Not enabling effective auditing and actually monitoring the logs.
-- Too many domain admins and not taking advantage of delegation for AD domain.
-- Operating system not hardened with too many services enabled such as IIS that is
installed and enabled by default.
-- Excessive default permissions to shares and root folder of a default install.
Everyone has full control.
-- Not physically securing sensitive computers, particularly domain controller.
-- Lazy, inept, malicious employees/students/admins.
"Sherman H." <email@example.com> wrote in message
> Would like to survey what are the most security threats in the 2000
> environments? What would be the things that are usually neglected by
> regular admins.