Review of Security Planning Guides from Microsoft

Microsoft has come a long way in improving the security of their products. Platforms like Windows XP with Service Pack 2 and Windows Server 2003 with Service Pack 1 are now “secure by default” when you perform a clean install of these operating systems (upgrades are generally only as secure as the security level of the pre-upgrade operating system). In Windows Server 2003, for example, IIS is not installed by default, Remote Desktop is disabled by default, and so on.

Trouble is, it's not enough for the technology to be secured—those who use and administer these technologies must be secured too. Consider the role of the administrator of your network, for example. The administrator's account is all-powerful, so an administrator can do pretty much anything he wants on your network. That can lead to total disaster in several situations

