Here are some more things that you can do in a Win32 environment: Upgrade all systems to Windows 2000 or XP Pro. Give users access only to applications that are necessary for their jobs. Eliminate Internet access from anyone whose job does not require it. Log all successes and failures whenever anyone attempts to access a file. Prevent users from modifying their machines in any way (including desktop settings). Physically lock up the server. Allow no one other than Admins interactive access to the server. Give each administrator his or her own account with admin privileges. Change the Administrator password to some completely random string of alphanumeric and special symbols. Place the only copy of the Administrator password in a sealed envelope in a safe deposit box offsite to which only the senior managers have access. Verify that nightly backups happen with tapes taken offsite, preferably to a different safe deposit box from the admin password Remove Email portion of Mozilla. Install unrelated mail client that will only allow text to be viewed. Set up firewall. Encrypt each stored document with the private key of the last person who modified it to ensure that tampering has not taken place.
Run all applications through Terminal Services. Place Terminal Server behind separate firewall that only allows necessary ports for Terminal Services through, and only from your internal network. Place Terminal Server in its own forest. Require second login with different password. We could do more depending on what functionality you wish to preserve. -----Original Message----- From: Alex Papadopoulos [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 14, 2002 07:14 To: [EMAIL PROTECTED] Subject: secure office setup -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all! Enter your typical oblivious office environment. Enforce password policy Get rid of unnecessary services / applications / shares. Install network-wide antivirus. Patch all systems. Restrict internet access. Remove MS-Office - install OpenOffice 1.0 Remove IE / Outlook - install Mozilla What else should one do to retain functionality and get rid of holes in a Win32 environment? Thanks - -A - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDzIjH8RBADLmO+GvwmwTVRFz9DcAG33XDTSckXknyjBXiPQNGdJowfSRVyf Z8UrkyIJHQHFGqfDTbgCikOxltMqxLkqjxwXLKCbVhPxHaYgXNdAInwbtKcW+Yle mEA1OEv/1m+dor4uzyJKdc7s2E9Qj4D/DwP8goh4sSDaO/mFkArEps7FGwCgubZ2 W0S2gZVTNzTE8ga++y0cagsD/Ayh2ciz3E0OTUgFZcsD7tFnLeDP8u9+WnhZSrVs h6KSthLGzhUWRbXjKKqZQDOESgQ5KeCYCSd+cWNzr2UgLH3WyyiJs2SsLbOb7BNN JLVK9E39I51HhNrbMFVtWiEECPs2le11NlS9u23skuu/JgMZDXsZ76cCnn++9TRU xThaA/46paHZ3RIk4mRIS6q8RqI9h17fqbEAP6DAkV4r7SlAmwfVLE+ILxaF6p0z ORwbYjhYwY0EhlZ72k/KnDC9Q8RlD9qI2D27Q7JDp4IFh9M3N1CkA9D4jarpXG6B Wviu7axmGx3jAxMc4ERNkbcB8GgrMIzOS7tsNWzE4rAPlHr+ZbQoQWxleCBQYXBh ZG9wb3Vsb3MgPGFsZXhAcGljdHVyZWJvb2tzLmdyPohXBBMRAgAXBQI8yIx/BQsH CgMEAxUDAgMWAgECF4AACgkQpH9HqGx99ivxVgCeOJjRx/v1GKfiri/72qXSu6a1 AzYAoLkBQJdEQpbDmc1/8dL0jckDz8iLuQINBDzIjJ0QCACK4/jt9F8AsnSpBAuh cYX347ZPapmqXFmK2xmPO9SRFKNiO8HaQ4LZmTutRGu8yB99fnadyDSLW052cpng pdliOBq/IsA+0wddxh0hFDhz1BoLzKieTazFFGGKzjoBwE4fCk3O+1lQkE9JyAur dRfToMAmFFAxDPixZlsijN1d/r8M0g0M2OFdkXwvFVCvY8sqlLiJcWc2GQ+vKDot ET4d9S5lxu3kz3MVHJEPwPKbTyNU1pjAGBqImexUuNeRLPlgPGQyt9MNr8kCaFZ8 /KcmCWGWrzcCV6TLHoJNizypb4KRclNYzjW8aSrpQs+bMHm7tEUfV7dWRPD2FtTU y4TXAAMFB/92g1fY5A1sEKGpZ3pXj3D0XhxWrclTRFDDH5b8vg1U9Etpm5r8IYd8 1wuk3z3NcMvywIB1vFseOXHN47iCMBKBq7RJf1eSxqNpWLGGMcgig3bD1qY8Ea4N lfDBi4WpyvrhtuB9+0Q2oUea5f9OqUFUO2YB5ijK7LQnTArWCkcX4xn4rToIytM/ Ngy9WuIyZhz4Q9cA0k41UPi8mugieyYBM/da3X6CfrImTKSOv3hBAE5GX6yuNtrA ml1CQ3ZcIdZ+8u7ax/im5mDJNZFawfiGrCTpSkkEuHBTPdwuJQqDN5s8kueavO/t rC+SX6r9qmX1y1Y10Uu5R3+CmiT9RWyOiEYEGBECAAYFAjzIjJ0ACgkQpH9HqGx9 9isj7ACfRl4XsoVs1qpuu03rN380mK2Q6UAAniO/wtn58CJQuXDXG9KZCPUb0F2r =dSen - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE84RuxpH9HqGx99isRArZkAJ4hvLMEum2NWsquGHIR8Cxf7cVj+gCeP/eG JTHlz33O3Aqk0sSgbNl/ETE= =IyFU -----END PGP SIGNATURE-----
