Windows Security and Patches

Overview:

For those who work with a Windows network you know that you have to constantly keep up with the latest security patches and bug fixes. From the novice at home user to the professional network administrator everybody should be vigilant when it comes to Windows security. As more and more home users and office networks become connected to the internet you?ll become all to aware that not everybody in cyberspace is friendly and that not all software was designed with security in mind.

For the novice home user I would suggest the following websites:

Windowsupdate.Microsoft.com
www.Microsoft.com/technet/mpsa/start.asp
www.Bigfix.com
www.Zonealarm.com

Windows Update website is Microsoft?s own patch web site and has a straight forward layout which a home user will find easy to use. Would recommend at least updating all the critical and security updates, especially the Windows Internet Explorer patches. Because the Windows Update site is not always up to date with the patches you should go to this site www.microsoft.com/technet/mpsa/start.asp. This is Microsoft?s Personal Security Advisor website which will allow you to scan your workstation for security complacency in Windows. This site is only good for Windows NT 4.0 and Windows 2000 Professional workstations.

Another site you can visit is www.Bigfix.com. This site has a utility that you can run that will scan your computer for updates for Windows and a large assortment of other companies for updates and patches to their software. This utility can be setup to run all the time in your taskbar or manually depending on which you prefer.

Finally, every home computer that connects to the internet, especially those people who run a dedicated all-the-time internet connection, should have a personal firewall. My recommendation goes to the ZoneAlarm firewall. You can download the firewall from www.zonealarm.com and best of all they offer a free version. You can also purchase an upgraded version

For the advanced user and network administrators, apart from the sites mentioned above, to also do the following:

Sign up for the Microsoft Security Notification email. You can find this at: www.microsoft.com/technet/security/notify.asp
After signing up for this email you will receive notification when Microsoft has a new security patch available. Bear in mind that you still should keep up to date with ongoing security information available on many websites. Microsoft does not always have a patch available for every new security vulnerability and even when they release a patch you may see a patch released for that patch.

Another utility released by Microsoft to check for security and other critical updates for the server can be found here:
www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/hfnetchk.asp
This utility works for Windows NT 4.0 and 2000 servers as well as SQL servers and IIS servers. This tool runs in a command prompt window only (go figure).

Firewalls should also be used for internal networks connecting to the internet. There are many different

I?m sure there are many more security measures that can be taken but these are the basics for keeping up to date on any Windows operating system.

Till Next Time,
Andy Fehr