Have you visited Microsoft TechNet's Security Best Practices Web site recently? In January, just two documents were posted to the site. However, when I revisited the site (see the URL below), I found that since mid-March, Microsoft has assembled more than two dozen additional items from both in-house and outside sources. Currently, the site offers 29 links that lead to individual resources that include white papers, interviews, articles, checklists, and links to other useful sites.
Let me give you a brief overview of what the site offers. You'll find information about topics such as preventing Denial of Service (DoS) attacks, effective security monitoring, TCP/IP security, and security strategies. For example, "Best Practices for Preventing DoS/Denial of Service Attacks," by Michael Cretzman and Todd Weeks, lists 10 best practices for preventing such attacks based on information drawn from actual attacks that several companies experienced. The article includes advice about system configuration and suggests several registry adjustments that can help minimize the effects of DoS attacks. Another article available through the site, "Distributed Denial-of-Service Attacks and You," by Paul Robichaux, describes the nature of distributed attacks and lists various ways you can protect your network from them. The latter article includes links to other Web sites that have additional related information.
Both the TCP/IP article and the security strategy article are chapters from popular and respected books. "TCP/IP from a Security Viewpoint," Chapter 3 of "Firewalls, 24 seven" (Sybex), by Matthew Strebe and Charles Perkins, offers an in-depth discussion about how TCP/IP packets are structured and how various protocols move traffic in and out of your network. "For Strategists," Chapter 11 of "Intrusion Detection" (Macmillan Technical Publishing), by Rebecca Gurley Bace, provides a roadmap for people charged with improving security in their organizations. It offers good advice about developing your security strategies and suggests specific questions to ask solution vendors. This Web site draws information from other books as well.
The Security Best Practices Web site resources also include information about managing Microsoft IIS Web services, an interview with Dr. William Stallings (a popular engineer and consultant) about cryptography, and best practices for managing service packs and hotfixes. "Manage Security of Your Windows IIS Web Services," from Microsoft Consulting Services Web Server Best Practices, offers advice about how to bring rogue systems under management to help prevent security problems such as virus infections. The Stallings interview covers topics such as assessing security needs, open-standard encryption algorithms, the inner workings of firewalls, what intruders look for, and intrusion detection.
As you know, managing service packs and hotfixes is a hot topic. During the last month and a half, Microsoft has released more than a dozen security bulletins. Keeping up with all the patches (and service pack releases, which are less frequent) is a tough job indeed, especially for those who administer large networks. The Microsoft article "Best Practices for Applying Service Packs, Hotfixes, and Security Patches," by Rick Rosato, outlines various steps to take before, during, and after installation. The article recommends that you apply all changes in a test environment and be prepared to uninstall in case the systems in your environment behave unexpectedly. The document also stresses the need for revision consistency, especially with domain controllers (DCs), and recommends that noncritical systems be updated first.
Overall, the Web site offers abundant resources that you might not be aware of. Be sure to stop by the site and take a look. The site can help raise your awareness about various aspects of security and help you increase the overall security of your entire enterprise.