Whatever your environment, you are strongly advised to take security matters seriously. Many organizations underestimate the value of information technology (IT). If an attack on the servers in your environment is severe enough, it could significantly damage the entire organization. For example, if malware infects the client computers on your network, your organization could lose proprietary data, and experience significant overhead costs to return them to a secure state. An attack that makes your Web site unavailable also could result in a major loss of revenue or customer confidence.
Conducting a security vulnerability, risk, and exposure analysis informs you of the tradeoffs between security and functionality that all computer systems are subject to in a networked environment. The Windows Vista Security Guide documents the major security-related countermeasures that are available in Windows Vista, the vulnerabilities that the countermeasures help address, and the potential negative consequences (if there are any) related to implementing each countermeasure.
This guide builds on the Windows XP Security Guide, which provides specific recommendations about how to harden computers running Windows XP with SP2. The Windows Vista Security Guide provides recommendations to harden computers that use specific security baselines for the following two environments:
- Enterprise Client (EC). Client computers in this environment are located in a domain that uses Active Directory and only need to communicate with systems running Windows Server 2003. The client computers in this environment include a mixture: some run Windows Vista whereas others run Windows XP. For instructions about how to test and deploy the EC environment, see Chapter 1, “Implementing the Security Baseline.” And for information about the baseline security settings that this environment uses, see Appendix A, “Security Group Policy Settings.”
- Specialized Security – Limited Functionality (SSLF). Concern for security in this environment is so great that a significant loss of functionality and manageability is acceptable. For example, military and intelligence agency computers operate in this type of environment. The client computers in this environment run only Windows Vista. For instructions about how to test and deploy the SSLF environment, see Chapter 5, “Specialized Security – Limited Functionality.” And for information about the SSLF settings that this environment uses, see Appendix A, “Security Group Policy Settings.”
Warning – the SSLF security settings are not intended for the majority of enterprise organizations. The configuration for these settings has been developed for organizations where security is more important than functionality.
The organization of the guide enables you to easily access the information that you require. The guide and its associated tools help you to:
- Deploy and enable either of the security baselines in your network environment.
- Identify and use Windows Vista security features for common security scenarios.
- Identify the purpose of each individual setting in either security baseline and understand their significance.
Although this guide is designed for enterprise customers, much of the guidance is appropriate for organizations of any size. To obtain the most value from this material, you will need to read the entire guide. However, it is possible to read individual portions of the guide to achieve specific aims. The “Chapter Summary” section in this overview briefly introduces the information in the guide. For further information about the security topics and settings that related to Windows XP, see Windows XP Security Guide and the companion guide, Threats and Countermeasures.