Is Your Business Safe?
Author: Scott Davidson
November 2007
Businesses, small and large alike, are confronted by continuing challenges from hackers and others who are attempting either to steal vital information from databases or to do damage to computer networks. These challenges come in a variety of forms, including spyware, viruses and worms. More recently, scriptable processes called “bots” have been employed to attack IT systems. On both consumer and corporate levels, online criminals are employing “phishing” techniques to disguise malicious e-mails in a form that makes them look like official messages from a company, attempting to uncover personal or financial information about customers.
Additionally, Sarbanes-Oxley and other legislation have imposed challenges by setting forth requirements on the type of data that must be retained and the length of time businesses must keep it. Policies and procedures to meet these evolving rules impact the way computer systems and their data must be handled.
All these challenges really compel small businesses to think about “defense in depth.” That is, they must consider security from a holistic approach. Preserving the security of a server or operating system is part of that approach, but so is the physical security of the building. For example, can someone break into a business computer center and steal the server, along with the data in it?
As part of this holistic process, businesses should be certain they are practicing good security management, downloading security updates for computers and servers, putting in place a strong authentication system for access to files and maintaining good security policies that take full advantage of the technological capabilities built into their operating systems. For example, operating systems can help companies back up their data to an outside location and to restore that data if a computer or network is damaged.
Microsoft’s security efforts
Microsoft has focused on all these issues in its security efforts, which have culminated in the Windows Vista operating system that was designed with security at its core and with additional layers of security on top of that. For Windows XP, the predecessor to Windows Vista, Microsoft developed Service Pack 2 which significantly heightened the system’s security. It also has deployed Service Packs 1 and 2 for Microsoft Windows Server 2003.
Microsoft continues to build new services, as well, such as Windows Defender, a free program that helps protect computers against threats from spyware. Likewise, Microsoft offers the free downloadable Malicious Software Removal Tool, which scans computers for infections by specific, prevalent malicious software and helps remove any infection that is discovered.
Companies also should take advantage of Microsoft Update, a program that regularly can provide the most current updates for each computer’s operating system, software and hardware. Update can be set to operate automatically or to alert the user when new updates are ready and then allow them to be installed manually. In conjunction with updating, businesses can use the Microsoft Baseline Security Analyzer that allows for a proactive scan of a computer or network and then recommends the updates that are needed for servers and desktops.
For companies using Microsoft Windows Small Business Server 2003, most recommended fixes or changes for Exchange or SQL servers are included. But some customers need to install the service packs themselves. The analyzer produces an easy-to-read report with in-depth analysis of the machines running on the local network.
Another Microsoft product, Systems Management Server, is used by companies with thousands of computers to distribute software internally and to inventory their machines to determine available disk space and memory for updates and upgrades of operating systems.
A fundamentally secure platform
Microsoft is ensuring that the investments small businesses make in their technology helps protect against malware, intrusions and other threats. Windows Vista is fundamentally more secure than any previous operating system, because it’s built from the ground up for security. Microsoft engineers looked at which privileges were really required for various services, and those that did not need to access the registry or file system were kept from accessing them. This reduces the areas in which an attacker can take advantage. Moreover, the core kernel of the Vista operating system was made more difficult to modify.
These measures were supplemented by Microsoft Genuine Windows Advantage tools, which verify that the components running in a system are truly from Microsoft and not a “hacked” version. Microsoft digitally signs all drivers to ensure that they have gone through a valid security process.
These programs all are designed to give small businesses the security, privacy, reliability and best practices they seek in keeping their business data safe.
To learn more about the programs and procedures mentioned in this article, please visit www.microsoft.com/security.
About the Author: Scott Davidson is the Heartland Area General Manager for Microsoft’s Small and Mid-market Solutions and Partners (SMS&P) group, which consists of Kentucky, Michigan, Ohio and Tennessee.
