|
Active Directory : Tech-Pages
Security Guidelines
Antivirus Protection
If you are running a client or server connecting to the AD Tree you must have antivirus protection installed and running with the latest definitions. You will need to configure your antivirus program to check for definition updates on a nightly basis. To protect your users from spreading a virus you will need to enable real time file protection to scan files as they are accessed. You will also need to schedule regular scans of all your drives once a week. We prefer that you scan for viruses on a daily basis after your system checks and installs new virus updates. Servers or clients that do not have adequate virus protection may be removed from the network at the discretion of the ACCC.
Antivirus software is available for free from the ACCC for most Microsoft platforms.
ACCC System Security Requirements
System Installation
Servers attached to the network before they are fully patched are susceptible to malicious activity. To ensure the security of a server in the AD tree the operating system must be installed and fully patched before the system is attached to the network. During the initial installation patches must be downloaded on a different system and installed on the server from CD or disk. This helps to prevent your system from getting compromised while the initial patches are applied. Servers and machines behind a firewall during installation of the OS can be compromised, please install and patch your machines before attaching them to the network.
System Security
Brian Ng in the ACCC presented security topics at the 2003 REACH meeting focusing on Windows security. He provided a detailed handout covering basic requirements to securing your server against malicious users. The actual presentation in .pdf format with implementation details can be acquired below;
Download Windows Security REACH Presentation Here
Brian also provides a security template that can be used in addition to the requirements in the REACH presentation. This is an easy way to improve your system security and stay in line with ACCC recommendations. Download the template below and run the setup program;
Download Windows 2000-03 / XP Security Template Here (7.48MB)
Please be sure you remember your administrator password when installing the security template. If you forget your password you may lock yourself out of your machine permanently. The ACCC is not responsible for users locking themselves out of their machines or other results from using the security template. The ACCC has tested the above template on our personal workstations and it does indeed work.
|
