Comsec Consulting and IT training consultancy XTSeminars have unveiled an advisory paper that outlines the five key areas of Windows IT security.


The paper reveals the five key areas of security within the Microsoft Windows environment that it claims are regularly overlooked by the IT profession. These are: password strength, administrative access, updates management, security lockdown through group policy and unmanaged and noncompliant clients.


Named ‘Enhancing Five Key Areas of Windows Security - Utilising Technologies Existing in the Workplace', it is designed to advise on enhancing security on the Microsoft platform and will appeal to any organisation dedicated to securing its business, without additional spend on new technologies.


It claims that there is a problem with weak passwords as they can be easily guessed and strong passwords should be used. All administrators should also abide by a similar principal of least privilege access, ‘Never logon to a system with more privileges than needed to do the task in hand'.


It also examines the problem with updates not being effectively managed, and looks at the problems with Microsoft Windows Server Update Services, how a group policy provides an often underutilised vehicle for security lockdown and problems with unmanaged systems on a network.


John Craddock, infrastructure and security architect at XTSeminars, said: “Often, solutions are developed that are narrowly focused and do not take advantage of technologies that have already been purchased as part of an operating system licence.


“Worst of all, in some instances, organisations have burnt their precious IT budget purchasing additional products to perform functions which are already inbuilt. In today's climate we cannot afford to make those kinds of mistakes.”


Stuart Okin, managing director at Comsec Consulting UK, said: “Due to the current economic climate, business priorities are shifting and areas such as spend on security may be under pressure, when in reality the threats are on the increase. In my experience, many organisations needlessly try to seek out the best of breed security solutions, as many of the features required are already available to them.


“In this time of financial cutbacks and budget restraints, our advice is for these companies to ensure that the ‘free' enhanced security functionality that is built into Windows and its associated resource tools, are not being overlooked and are actually providing the value that they are supposed to.”