Enterprise Security Best Practices

To help you evaluate and plan the security of your network, Microsoft has compiled a list of best practices for securing an enterprise. This list is not meant to replace a full security assessment of your infrastructure, but is intended to point out a number of the key items that we have identified as areas for evaluation after working with our customers over the last year. These items fall in four main categories:

Assess Your Environment
Protect Your Network
Protect Your Servers and Clients
Monitor Your Environment

Assess Your Environment

In order to effectively secure your network environment, you must first become familiar with all of its components. Assessing your infrastructure involves not only identifying all assets and security issues, but also monitoring the quality of your overall security program. To determine your specific network security needs, you should consider several issues. First, you need to be sure that your IT staff has the necessary executive support to run a successful security program. If you find yourself on the same page with management on how to proceed, you should focus on establishing a process to identify and analyze security risks on an ongoing basis. Without such a plan in place, you run the risk of initiating projects that are not solving your largest security problems.

Once you have established a risk management process, you should create and document a set of security policies that control the use of all technology and resources within your organization. Anything within your infrastructure that lacks a governing security policy, such as unprotected computers, should be identified and removed from your network until it is made compliant with your policies. To remove these computers, you will need to define a process that helps you identify such potentially vulnerable devices.

You will also need to look at third-party vendors involved with your network. Do you use a third party to routinely perform assessments and penetration tests on your environment? Do other vendors or contractors have access to your environment? If so, do you have adequate physical security for all locations where an external or third party could directly access your network or computers?

Protect Your Network

Being part of the connected world brings many benefits as well as challenges. Any computer within your network that is connected to the Internet, directly or indirectly, is a potential risk for an attack from viruses or external attackers. Traditionally, firewalls provide defense against such attacks. Towards this end, you should review your firewall deployments to ensure that the current rules and processes to implement and maintain them are still valid. You should also make sure that you take adequate measures to help protect devices such as laptops with technologies such as host-based firewalls.

You should not, however, rely on firewalls as your single means of defense. There are additional factors to consider for protecting your network. Do you provide secure remote access with strong authentication techniques? Similarly, you should know whether your system uses the latest quarantine technologies that automatically identify remote laptops or desktops with out-of-date virus protection or security updates. Another avenue to consider is the use of technologies such as Microsoft Outlook Web Access, or Outlook access that uses RPC over HTTPS, to reduce the need for remote connections to the network.

A few final points to consider: make sure you have secured your wireless network to help prevent unauthorized users from gaining access to your network resources. You should also consider upgrading all Internet-facing servers to Microsoft Windows Server 2003 and all traveling laptops to Windows XP to take advantage of the reduced attack surface of these products, as well as additional security features such as Windows Firewall for these high-risk devices. Finally, you should consider using IPSec to help prevent unauthorized users from gaining access to mission-critical resources and to keep rogue machines from accessing your network.

Protect Your Servers and Clients

Many customers we have worked with over the past year have spent considerable resources protecting their perimeter networks but have allowed their internal infrastructure to remain extremely vulnerable. You should be sure to take sufficient steps to harden your core operating systems and major applications against common attacks. To strengthen your security infrastructure and security tools, you should install Windows XP Service Pack 2 (SP2) with Advanced Security Technologies on your Windows XP laptops and remote systems. In addition to simplifying security monitoring, SP2 automatically turns on the built-in Windows Firewall, which offers additional protection during a computer's boot and shutdown process.

You should also check to make sure that you have deployed up-to-date antivirus software on all of your servers and clients. This will also allow you to use the quarantine features, among other capabilities found in Windows Server 2003, with remote users. Once you have the latest software versions installed, you should make sure to have in place an organized method for keeping up to date on a regular basis with the latest virus and attacker information. This plan of action should include a strategy for rapidly deploying the latest updates to all of your operating systems and applications soon after the patches are released to the general public. You should also consider establishing guidelines for developing secure applications that include threat modeling, code reviews, and security testing. A final consideration might be to investigate technologies such as Encrypting File System to encrypt and protect business-critical folders and files.

For authentication purposes, if you have not already done so, you should consider using multi-factor authentication techniques such as smart cards or biometrics for critical accounts. You should also consider deploying Active Directory for user authentication, using Group Policy to apply security settings to your Windows-based computers, and establishing an effective identity and access management strategy that focuses on single sign-on capabilities.

Last but not least, to help limit the damage of a potential security breach or system malfunction, you should always have a backup and recovery strategy in place to restore services and data in an acceptable amount of time. This could include anything from a local standby server or a remote server to software-based recovery applications.

Monitor Your Environment

Monitoring and auditing are central to an organization's security efforts. We often think of monitoring as watching and waiting for an event to occur so that we can react to the situation. While this is important, a secure environment should establish a proactive strategy that audits your network to identify systems configured in ways that do not meet organizational standards or best practices. To achieve this, you should regularly review client and server logs to look for common attack patterns.

During a review of your security program, you should look at the means by which you conduct your security audits. Do you have a group that is focused on auditing computers and applications for compliance with internal standards or regulatory requirements? If so, is it separate from the operations team that performs the tasks being audited? Do you have a team that is trained to help document and remediate the issues that the audit finds?

Finally, you should consider what happens when a system is compromised. You should know whether you have an intrusion detection system, how it is deployed to monitor access to business-critical systems, and how it can be used to help identify which portions of your system were compromised. If your system is attacked or faces a virus outbreak, you should also have in place an established incident response process to help minimize the effect on your network and to collect information that helps your security team better secure your system against future threats.
