My 7-Point Plan for Windows Security
Terry Gray
Director, Networks & Distributed Computing
UW Computing & Communications
September 2002

Objective
Make Windows computers “Network Safe”, right out of the box.
By default, deny incoming connections to all but a minimum number of necessary service ports via integral firewalling.
When an application requires listening on a port, give users the option of opening the port just for the session, or for a fixed time interval, or "forever"... but remind later about ports left open.
Make it easy for users to establish their own local perimeter defense via IP access lists. (Important if they need to run insecure protocols within their workgroup.)
Enhance existing "IP Security" capabilities to allow blocking only "initial connection" (SYN) packets.
By default, have connections use IPSEC whenever available.
Be wary of the UPnP NAT/firewall traversal stuff, a major security headache waiting to happen.
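The IP access list and SYN-only blocking points above combine into one stateless inbound rule, sketched here as an added example (not part of the original slides). The function names, the 192.0.2.0/24 workgroup range and the sample segments are assumptions constructed for illustration.

```python
import ipaddress
import struct

# TCP flag bits in byte 13 of the TCP header
SYN, ACK = 0x02, 0x10

# Constructed sample policy: the workgroup allowed to open connections to us.
WORKGROUP_ACL = [ipaddress.ip_network("192.0.2.0/24")]


def tcp_flags(segment: bytes) -> int:
    """Return the flags byte of a TCP header (offset 13)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return segment[13]


def is_initial_syn(segment: bytes) -> bool:
    """True only for a connection-opening segment: SYN set, ACK clear."""
    flags = tcp_flags(segment)
    return bool(flags & SYN) and not flags & ACK


def inbound_verdict(src_ip: str, segment: bytes, acl=WORKGROUP_ACL) -> str:
    """Stateless rule: drop inbound initial SYNs unless the source is in the ACL.

    Replies (SYN+ACK) and established traffic (ACK) pass, so connections the
    host itself initiated keep working without any per-connection state.
    """
    try:
        initial = is_initial_syn(segment)
    except ValueError:
        return "drop"  # fail closed on malformed headers
    if not initial:
        return "accept"
    src = ipaddress.ip_address(src_ip)
    return "accept" if any(src in net for net in acl) else "drop"


def make_segment(sport: int, dport: int, flags: int) -> bytes:
    """Build a minimal 20-byte TCP header (constructed test input)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
```

Because the rule keeps no connection state, it also accepts ACK-bearing segments that belong to no connection; the host's TCP stack has to reject those itself.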