Copyright Goodheart-Willcox Co., Inc. 470 Networking Fundamentals Software Installation Patches Security begins immediately after the initial installation of the network operating system and associated software programs. Th ere are hundreds of known vulnerabil- ities to operating systems and software packages. For example, when a network op- erating system such as Windows Server 2016 is installed and confi gured, it has many known vulnerabilities. Before the installation can be considered complete, the latest patch must be installed. Software patches contain many software fi xes that close se- curity holes and fi x software bugs. Microsoft releases collections of patches and fi xes referred to as a service pack. Administrator Account Many network operating systems are installed with a default administrator account. During installation, you are given the opportunity to enter a password of your choice for this account. A default username, such as Administrator, provides one half of authenticity to a potential intruder. To secure this potential breach, choose a new administrator name to use in place of the default administrator name, assign the account full administrative privileges, and then delete the default account. Admin- istrators are one example of privileged user accounts. Any account that has more privilege than an average user requires additional security. One example of this in- creased security is a privileged user agreement, which is an agreement specifying how the account should be used. For example, Windows Server has the default system administrator name of Administrator. A new account should be made with a new name, such as Operat0r1$. It should be created with full administrative privileges. After the new account has been created, the original account, Administrator, should be deleted from the system. It is also recommended an account be established for the administrator to use to perform daily duties and that does not require a complete set of administrative powers. Th e idea behind using a limited administrator account is to protect the sys- tem in the event an intruder compromises the account. If an intruder were to gain access to the system using a Trojan horse, the intruder could use a password-stealing program to acquire the administrator’s password when the administrator logs on to maintain the system. Th e intruder could use the administrator account to set up his or her own account that has administrative powers. If an administrator uses an account with less-than-full administrative powers, the powers of an intruder are limited if the system is cracked. A user account cannot create another user account that is more powerful than his or her own. It can only create an account that has equal or lesser powers. By using a less-powerful account for daily business, the most powerful account is left in reserve for when it is really needed. Remember, if the intruder has power equal to the administrator, the intruder can delete everything the system administrator account has created. Network Device Hardening One common security measure is to make devices as secure as you can. Th is is often referred to as hardening. Most hardening is rather simple. It begins with changing default passwords. All devices come with default passwords. Th ese must be changed, and common passwords, which are passwords that can be easily guessed or cracked, should not be used. Next, the system must be kept updated. Th is includes updating the fi rmware on devices as well as patching and making sure the system stays updated. Any unnecessary services or unused ports (IP ports and physical ports) should also be 3.5, 4.5 NET Tech Tip The ability to delete or rename the administrator account varies according to operating system and version. 4.5, 4.6 NET