Password policies
Stress to your users the importance of using strong passwords. To enforce strong password usage, you can set a password policy in the Local Security Policies.
To set the password policy, follow these steps:
- Choose Start → Control Panel.
- In the Control Panel, click Performance and Maintenance and then click Administrative Tools, located at the bottom of the window.
- In the Administrative Tools, double-click Local Security Policy to start the Local Security Policy console.
- Expand Account Policies and highlight Password Policy.
- Ensure that users use strong passwords by double-clicking the Password Must Meet Complexity Requirements policy and choosing Enable to enable the policy.
This setting ensures that users use passwords with a mix of upper- and lowercase characters, numbers, and symbols and a minimum of six characters. The password also cannot contain any part of the username.
Auditing
Make sure that you enable auditing on critical systems so that you will know (hopefully) when the system has been compromised. For example, if a hacker makes his way into the system and builds himself a hidden user account, you will know about it if you have enabled account management auditing.
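To confirm that both settings described above are actually in effect, you can export the local policy with secedit /export /cfg policy.inf and check the result. The following is an added example, not code from the original text: the function names are hypothetical, the sample INF text is constructed, and it assumes the PasswordComplexity and AuditAccountManage keys that secedit writes to the export.

```python
import configparser

# Constructed sample of the sections that `secedit /export /cfg policy.inf`
# writes; the values are illustrative and show the weak configuration.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 0
[Event Audit]
AuditAccountManage = 0
[Version]
signature="$CHICAGO$"
"""
# The same export after enabling the complexity policy and auditing
# account management for both success and failure.
HARDENED_INF = (SAMPLE_INF.replace("PasswordComplexity = 0", "PasswordComplexity = 1")
                .replace("AuditAccountManage = 0", "AuditAccountManage = 3"))

def load_policy(text):
    """Parse secedit INF text into {section: {key: value}}."""
    parser = configparser.ConfigParser(
        interpolation=None,   # values such as "$CHICAGO$" are literal
        strict=False,         # tolerate repeated keys in real exports
        delimiters=("=",),    # keys may contain ':' in other sections
    )
    parser.optionxform = str  # keep key case exactly as exported
    parser.read_string(text)
    return {name: dict(parser[name]) for name in parser.sections()}

def audit_policy(policy):
    """Return findings for the two settings discussed in this section."""
    findings = []
    access = policy.get("System Access", {})
    audit = policy.get("Event Audit", {})
    # A missing key is treated as "not enabled".
    if int(access.get("PasswordComplexity", 0)) != 1:
        findings.append("Password Must Meet Complexity Requirements is not enabled")
    # AuditAccountManage: 0 = none, 1 = success, 2 = failure, 3 = both.
    # Creating an account is a success event, so the success bit must be set.
    if not int(audit.get("AuditAccountManage", 0)) & 1:
        findings.append("Account management auditing does not log successes")
    return findings

if __name__ == "__main__":
    for finding in audit_policy(load_policy(SAMPLE_INF)):
        print("WEAK:", finding)
```

When reading a real export from disk, open it with the encoding secedit used (typically UTF-16) before passing the text to load_policy.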
Use switches instead of hubs
You can enable a number of security features when working with switches instead of hubs on the network. To begin with, switches filter traffic by only sending the data to the port on the switch that the data is destined for. This can add to the security of the network because it is harder for a hacker to monitor network traffic when the port the hacker is using is not getting a copy of all data - just data destined for his system.
The second thing you could do to secure your environment with a switch is disable any unused ports on the switch. This way, if the hacker gets physical access to your network, she cannot simply plug into the switch to get access to the network.
The other thing you could do with more advanced switches is to configure Virtual Local Area Networks (VLANs). A VLAN is a grouping of ports on the switch that are allowed to communicate with one another but cannot communicate with other VLANs on the same switch. For example, I have a 24-port switch that has two VLANs. The first VLAN is made up of the first 12 ports, while the second VLAN is made up of the last 12 ports. Any systems that are plugged into the first 12 ports cannot communicate with the systems that are on the second set of 12 ports, and vice versa. Essentially, you have two networks - but only one switch.