Export (0) Print
Expand All
5 out of 6 rated this helpful - Rate this topic

Introduction

Published: December 27, 2004

The Microsoft® Windows® XP Professional operating system includes a variety of technologies that communicate with the Internet to provide increased ease of use and functionality. Browser and e-mail technologies are obvious examples, but there are also technologies such as Automatic Updates that help users obtain the latest software and product information, including bug fixes and security patches. These technologies provide many benefits, but they also involve communication with Internet sites, which administrators might want to control.

Control of this communication can be achieved through a variety of options built into individual components, into the operating system as a whole, and into server components designed for managing configurations across your organization. For example, as an administrator, you can use Group Policy to control the way some components communicate. For some components, you can direct all communication to the organization’s own internal Web site instead of to an external site on the Internet.

This white paper provides information about the communication that flows between components in Windows XP Professional with either Service Pack 1 or Service Pack 1a (both referred to as “SP1” in this white paper) and sites on the Internet, and describes steps to take to limit, control, or prevent that communication in an organization with many users. The white paper is designed to assist you, the administrator, in planning strategies for deploying and maintaining Windows XP Professional SP1 in a way that helps to provide an appropriate level of security and privacy for your organization’s networked assets.

Important For greater control over the communication between components in Windows XP and sites on the Internet, use Windows XP Professional with Service Pack 2 instead of with Service Pack 1. Windows XP Service Pack 2 provides a number of new Group Policy settings that control communication between components in the operating system and sites on the Internet. For more information, see the Microsoft Web site at:

http://go.microsoft.com/fwlink/?LinkId=23354

http://go.microsoft.com/fwlink/?LinkId=29133

This white paper provides guidelines for controlling components in the following set of operating systems:

  • Windows XP Professional with either Service Pack 1 or Service Pack 1a (both referred to as “SP1” in this white paper) on user computers. The focus is on the installation or configuration steps needed for these computers.

    Note The information in this white paper applies equally to Windows XP with Service Pack 1 and Windows XP with Service Pack 1a. Therefore, in this white paper, when the phrase “Service Pack 1” or “SP1” is used with “Windows XP,” it refers to either Service Pack 1 or Service Pack 1a for Windows XP.

    In addition, this white paper does not cover desktop products other than Windows XP Professional with SP1. For example, it does not cover Windows XP Home Edition or Windows XP Media Center Edition.

  • Windows Server™ 2003 on servers. The white paper does not focus on these computers, but it provides information for using these servers as part of your deployment or maintenance strategies. For instance, it describes ways of using Group Policy on a server running Windows Server 2003 to control the behavior or configuration of users’ computers running Windows XP SP1. In many instances, procedures that can be used on a server running Windows Server 2003 can also be used on a server running Windows 2000.

The white paper is organized around individual components found in Windows XP Professional with SP1, so that you can easily find detailed information for any component you are interested in.

What This White Paper Covers and What It Does Not Cover

This section describes the following:

  • Types of components covered in this white paper

  • Types of components not covered in this white paper

  • Security basics that are beyond the scope of this white paper, with listings of some other sources of information about these security basics

Types of Components Covered in This White Paper

This white paper provides:

  • Information about components that in the normal course of operation send information to or receive information from one or more sites on the Internet. An example of this type of component is Windows Error Reporting. If a user chooses to use this component, it sends information to a site on the Internet.

  • Information about components that routinely display buttons or links that make it easy for a user to initiate communication with one or more sites on the Internet. An example of this type of component is Event Viewer. If a user opens an event in Event Viewer and clicks a link, the user is prompted with a message box that says, "Event Viewer will send the following information across the Internet. Is this OK?" If the user clicks OK, information about the event is sent to a Web site, which replies with any additional information that might be available about that event.

  • Brief descriptions of components like Microsoft Internet Explorer and Microsoft Outlook® Express that are designed to communicate with the Internet. It is beyond the scope of this white paper to describe all aspects of maintaining appropriate levels of security in an organization where users connect to sites on the Internet, download items from the Internet, send and receive e-mail, and perform similar actions. This white paper does, however, provide basic information about how components such as Internet Explorer and Outlook Express work, and it provides suggestions for other sources of information about balancing your organization’s requirements for communication across the Internet with your organization’s requirements for protection of networked assets.

Types of Components Not Covered in This White Paper

This white paper does not provide:

  • Information about managing or working with applications, scripts, utilities, Web interfaces, Microsoft ActiveX® controls, extensible user interfaces, the .NET Framework, and application programming interfaces (APIs). These are either applications, or are layers that support applications, and as such provide extensions that go beyond the operating system itself.

    Windows Installer is not covered in this white paper, although Windows Installer includes some technology that (if you choose) you can use for installing drivers or other software from the Internet. Such Windows Installer packages are not described here because they are like a script or utility that is created specifically for communication across the Internet.

    You must work with your software provider to learn what you can do to mitigate any risks that are part of using particular applications (including Web-based applications), scripts, utilities, and other software that runs on Windows XP with SP1.

  • Information about components that store local logs that could potentially be sent to someone or could potentially be made available to support personnel. This information is similar to any other type of information that can be sent through e-mail or across the Internet in other ways. You must work with your support staff to provide guidelines about the handling of logs and any other similar information you might want to protect.

Security Basics That are Beyond the Scope of This White Paper

This white paper is designed to assist you, the administrator, in planning strategies for deploying and maintaining Windows XP Professional with SP1 in a way that helps provide an appropriate level of security and privacy for your organization’s networked assets. The white paper does not describe security basics, that is, strategies and risk-management methods that provide a foundation for security across your organization. It is assumed you are actively evaluating and studying these security basics as a standard part of network administration.

Some of the security basics that are a standard part of network administration include:

  • Monitoring. This includes using a variety of software tools, including tools to assess which ports are open on servers and clients.

  • Virus-protection software.

  • The principle of least privilege (for example, not logging on as an administrator if logging on as a user is just as effective).

  • The principle of running only the services and software that are necessary—that is, stopping unnecessary services and keeping computers (especially servers) free of unnecessary software.

  • Strong passwords, that is, requiring all users and administrators to choose passwords that are not easily cracked.

  • Risk assessment as a basic element in creating and implementing security plans.

  • Software deployment and maintenance routines to help ensure that your organization’s software is running with the latest security updates and patches.

  • Defense-in-depth. In this context, defense-in-depth (also referred to as in-depth defense) means redundancy in security systems. An example is using firewall settings together with Group Policy to control a particular type of communication with the Internet.

Other Sources of Information About Security Basics

The following books and Web sites are a few of the many sources of information about the security basics described previously:

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.