
Windows XP Desktop Security

Wednesday, September 23, 2009 11:00
Posted in category Computer Security

Windows XP Security

When Windows Vista was released and found to have problems, many businesses stayed with Windows XP Professional. Now Windows 7 is about to be released. Will businesses upgrade to Windows 7 when it is released, or take the more cautious approach and wait until Windows 7 has been out for some time before deciding to upgrade? I think that a lot of businesses will wait and see before deciding to upgrade. Since so many businesses are still using Windows XP Professional and may wait to upgrade to Windows 7, I decided to go ahead and write this article on securing Windows XP desktops.

In a lot of businesses that I see, desktop security is not always addressed.  If you have read previous articles on data security that I have written such as “Data Protection and Your Perimeter” or “Do You Know What Sensitive Information is on Your Computers?”, you understand the amount of information that is usually on a desktop or laptop.  If someone can walk into a business and gain access to a desktop or remotely gain access to the desktop from a network connection, your information can be easily harvested if the desktop is not properly protected.

Securing Windows XP

What are some basic security measures you can take to protect Windows XP?  Here are a few security measures that will get you started in the right direction.

  1. Enable Automatic Updates – Keeping Windows XP updated with the latest patches, especially security patches, is essential in protecting company information. From experience I know that this can be a two-edged sword, because some updates have had bugs when first released and caused issues with Windows, and additional updates had to be sent out to correct the problem. If you worry about this issue, then I would recommend setting the Automatic Update feature in Windows XP to “Notify me but don’t automatically download and install”. This way you can make sure there are no issues with the update before installing it on your computer. For small businesses with only a few computers, either approach should work fine. If your business is big enough to have the computers running on a domain, you can use the Group Policy Object Editor to configure automatic updates. Also, if possible, it is a good idea to have a centralized update server that is responsible for downloading the updates and, after testing, pushes the updates out to the computers on your network.
  2. Verify that Volumes on XP are Formatted with NTFS -  Windows XP hard drives can be formatted using FAT, FAT-32 or NTFS file systems.  Only NTFS supports file level security where you can assign security settings to individual folders etc.  You can check this by double clicking on the My Computer icon located on the desktop.  This opens a window that shows your hard drive.  Right click on the hard drive icon and go to “Properties.”  The drive properties will then tell what file system is being used on the hard drive.
  3. Install and Update Anti-virus, Spy-ware and Ad-ware Software – There are a number of free and paid versions of this type of software, but I am not going to get into which ones may be the best in this limited article. A review of this type of software will have to wait for another time and an article unto itself. For now, make sure you have such software protecting your computer and that you keep it up to date. The automatic update feature should be used for virus, spy-ware and ad-ware definitions, since it is just too cumbersome (no matter the size of your business) to keep this software updated manually. Also, if the computer is part of a domain, then it is a good idea to run different brands of this type of software on the computers and the servers. In this way, what is not caught by one will hopefully be caught by the other.
  4. Use Windows Firewall – Your business should already be protected by a firewall, but each Windows XP computer should also have the Windows firewall enabled on the computer or another software-based firewall should be used.  The network perimeter is slowly disappearing as I wrote about in “Data Protection and Your Perimeter” so not all attacks against your computers will come from the outside; many will come from insiders, which I wrote about in “Security Issues Related to Insider Threats”.  The Windows Firewall or other third party firewall will help protect against such attacks.
  5. Password Protect your Screen Saver – You can do this by going to the Control Panel – Display Properties and, under the Screen Saver tab, checking the box marked “On Resume, Display Welcome Screen.” This will require you to re-type your password after the screen saver has come on. There are ways to beat this, but it does add some protection against anyone sitting down and using the computer.
  6. Require a User to Press Ctrl+Alt+Del Before Logging In – This key combination helps keep your computer secure by keeping most automated software from trying to log in or hack the account. This will require human interaction to get to the log-in screen. Again, nothing is fool-proof, but it does provide another layer of security. You can configure this in one of two ways. First, and probably the easiest, is to go to the Control Panel – User Accounts, go to the Advanced tab and check the box “Require users to press Ctrl+Alt+Delete.” A second way is to go to Control Panel – Administrative Tools – Local Security Policy – Security Options and right click on “Interactive Log-on: Do not require Ctrl+Alt+Del.” Then go to “Properties” and set the option to “Disabled”, which will require any user to press this key combination before logging onto Windows.
  7. Shut Down Unnecessary Services – Running unnecessary services just leaves another opening for an attacker to break in. Determine what services you need and leave only those running. To disable a service, go to the Control Panel – Administrative Tools – Services, then right click on the service and go to its properties. From the properties screen, you can configure the service, such as disabling it at start-up.
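
The seven items above can be checked in one pass with a read-only script. This is an added example, not part of the original article; it assumes Windows PowerShell 2.0 has been installed on the XP machine (it is not included with XP by default), and the helper names `Get-RegValue` and `New-Finding` are made up for the illustration.

```powershell
# Added example: read-only audit of the seven checklist items (changes nothing).
# Assumes Windows PowerShell 2.0 on XP SP2 or later, run as the logged-on user.
function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value is missing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}
function New-Finding($Check, $Ok, $Detail) {
    New-Object PSObject -Property @{ Check = $Check; OK = $Ok; Detail = $Detail }
}
$findings = @()
# 1. Automatic Updates: policy wins over the local setting. 1 = off, 2 = notify only,
#    3 = download then notify, 4 = download and install on a schedule.
$au = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' 'AUOptions'
if ($au -eq $null) { $au = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update' 'AUOptions' }
$findings += New-Finding '1 Automatic Updates' ($au -ge 2) "AUOptions=$au"
# 2. Any fixed disk that is not NTFS cannot carry file-level permissions.
$notNtfs = @(Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=3' |
    Where-Object { $_.FileSystem -ne 'NTFS' } | ForEach-Object { "$($_.DeviceID) $($_.FileSystem)" })
$findings += New-Finding '2 NTFS volumes' ($notNtfs.Count -eq 0) ($notNtfs -join ', ')
# 3. Anti-virus products registered with the XP SP2+ Security Center.
$av = @(Get-WmiObject -Namespace 'root\SecurityCenter' -Class AntiVirusProduct -ErrorAction SilentlyContinue)
$current = @($av | Where-Object { $_.productUptoDate })
$findings += New-Finding '3 Anti-virus' ($current.Count -gt 0) (($av | ForEach-Object { $_.displayName }) -join ', ')
# 4. Windows Firewall: profile used off the domain (Standard) and on it (Domain).
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$std = Get-RegValue "$fwKey\StandardProfile" 'EnableFirewall'
$dom = Get-RegValue "$fwKey\DomainProfile" 'EnableFirewall'
$findings += New-Finding '4 Windows Firewall' ($std -eq 1 -and $dom -eq 1) "Standard=$std Domain=$dom"
# 5. Screen saver enabled and password protected for the current user.
$desk = 'HKCU:\Control Panel\Desktop'
$active = Get-RegValue $desk 'ScreenSaveActive'
$secure = Get-RegValue $desk 'ScreenSaverIsSecure'
$findings += New-Finding '5 Screen saver lock' ($active -eq '1' -and $secure -eq '1') "Active=$active Secure=$secure"
# 6. Ctrl+Alt+Del: 0 means the key press is required (policy value, then Winlogon).
$cad = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'DisableCAD'
if ($cad -eq $null) { $cad = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'DisableCAD' }
$findings += New-Finding '6 Ctrl+Alt+Del' ($cad -eq 0) "DisableCAD=$cad"
# 7. Services set to start automatically: a list to review, not a pass/fail.
$auto = @(Get-WmiObject Win32_Service -Filter "StartMode='Auto'")
$findings += New-Finding '7 Auto-start services' 'review' "$($auto.Count) services"

$findings | Sort-Object Check | Format-Table Check, OK, Detail -AutoSize
$auto | Sort-Object Name | Format-Table Name, DisplayName, State -AutoSize
```

A missing registry value is reported as not OK, so a `False` means "not confirmed" and is worth checking by hand; a third-party firewall, for example, will not show up under item 4.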

There are many other things that you can do to fine tune or improve security on a Windows XP computer, but these seven items will get you started in the right direction. Look at your Windows XP computers and determine what items you still need to implement to increase your security. Leave a comment on any other items that your business has done to secure Windows XP computers so other businesses can learn from your experience.
