WINDOWS SERVER HARDENING

Hi, thanks for visiting my blog. Here I have explained some easy steps to follow. Go ahead, buddies!

Hardening Windows Server 2008

Step 1: Configure a Security Policy

Use the security policy to:

• Disable unnecessary services based on the server role

• Remove unused firewall rules and limit existing firewall rules.

• Define restricted audit policies.

  • To configure the policy with the wizard, go to Start –> Programs –> Administrative Tools –> Security Configuration Wizard

Step 2: Disable & Delete Unnecessary accounts

To disable or delete accounts:

  • Go to Start –> Programs –> Administrative Tools –> Server Manager –> Configuration –> Local Users and Groups –> Users. Right-click the user –> Properties –> check whether "Account is disabled" is selected

Step 3: Uninstall unnecessary applications or roles

To uninstall unnecessary applications or roles:

  • Go to Start –> Programs –> Administrative Tools –> Server Manager –> Roles –> click Remove Roles

Step 4: Configure the windows 2008 firewall

To configure the Windows 2008 firewall:

  • Go to Start –> Control Panel –> Windows Firewall –> Change Settings

  • The firewall is bidirectional: it filters outbound traffic as well as inbound traffic. Close unnecessary ports.

I have outlined some of the new firewall features that Windows Server 2008 provides:

    • GUI interface: an MMC snap-in is available for the Advanced Firewall Configuration.
    • Bi-directional filtering: the firewall now filters outbound traffic as well as inbound traffic.
    • IPsec operability: the firewall rules and IPsec encryption configurations are now integrated into one interface.
    • Advanced rules configuration: you can create firewall rules using Windows Active Directory objects, source and
      destination IP addresses, and protocols.

Step 5: Configure Auditing

The following events should be logged and audited:

• Audit account logon events

• Audit account management

• Audit directory service access

• Audit logon events

• Audit object access

• Audit policy change

• Audit privilege use

• Audit process tracking

• Audit system events

To configure auditing:

  • Go to Start –> Control Panel –> Administrative Tools –> Local Security Policy –> Security Settings –> Local Policies –> Audit Policy
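To confirm that the audit settings above actually took effect, the following added example (not part of the original post) lists every audit subcategory that still logs nothing. It assumes PowerShell 2.0 or later, an elevated prompt, and an English-language install; the function name Get-AuditPolicyGap is hypothetical.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# Assumes PowerShell 2.0+ (ConvertFrom-Csv) and an English-language Windows install,
# because auditpol category names are localized.

# auditpol category names that correspond to the nine audit policies listed above.
$AuditCategories = @(
    'Account Logon', 'Account Management', 'DS Access', 'Logon/Logoff', 'Object Access',
    'Policy Change', 'Privilege Use', 'Detailed Tracking', 'System'
)

function Get-AuditPolicyGap {
    param([string[]]$Category = $AuditCategories)

    foreach ($cat in $Category) {
        # /r prints CSV with the columns: Machine Name, Policy Target, Subcategory,
        # Subcategory GUID, Inclusion Setting, Exclusion Setting.
        $csv = auditpol /get "/category:$cat" /r
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "auditpol failed for '$cat' (is the prompt elevated?)"
            continue
        }
        # Drop blank lines, parse the CSV, and keep only rows that audit nothing.
        $csv | Where-Object { $_.Trim() } | ConvertFrom-Csv | ForEach-Object {
            if ($_.'Inclusion Setting' -eq 'No Auditing') {
                New-Object PSObject -Property @{
                    Category    = $cat
                    Subcategory = $_.Subcategory
                    Setting     = $_.'Inclusion Setting'
                }
            }
        }
    }
}

# List every subcategory that currently records neither success nor failure.
Get-AuditPolicyGap | Sort-Object Category, Subcategory |
    Format-Table Category, Subcategory, Setting -AutoSize
```

An empty result means every subcategory under the nine categories records at least success or failure events.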

Step 6 : Disable Unnecessary shares

To check the current shares, enter the following at a command prompt:

C:\Documents and Settings>net share

You will get:

Share name   Resource      Remark
ADMIN$       C:\WINDOWS    Remote Admin
C$           C:\           Default share
IPC$                       Remote IPC

To create a hidden share, put a $ sign after the share name. The share will still be accessible; however, it will not be easily listed through the network.
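Because a hidden share stays reachable, a share review should separate the built-in administrative shares from hidden shares that someone created later. This added example (not part of the original post) does that with the Win32_Share WMI class; the function name Get-ShareReview is hypothetical.

```powershell
# Added example (not from the original post).
# Win32_Share.Type is 2147483648 or higher for the built-in administrative shares
# (ADMIN$, C$, IPC$). A share that merely has a name ending in "$" keeps a normal
# type value, which is how it is told apart from the defaults.

function Get-ShareReview {
    Get-WmiObject -Class Win32_Share | ForEach-Object {
        if ($_.Type -ge 2147483648) {
            $kind = 'Default administrative share'
        } elseif ($_.Name.EndsWith('$')) {
            $kind = 'Hidden share (created after install)'
        } else {
            $kind = 'Visible share'
        }
        New-Object PSObject -Property @{
            Name        = $_.Name
            Path        = $_.Path
            Description = $_.Description
            Kind        = $kind
        }
    }
}

# Shares other than the defaults are the ones to justify or remove.
Get-ShareReview |
    Where-Object { $_.Kind -ne 'Default administrative share' } |
    Sort-Object Kind, Name |
    Format-Table Name, Path, Kind, Description -AutoSize
```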

Step 7: Updates and Patches

Install Windows Server Update Services (WSUS) for software update services.

Windows Server Update Services (WSUS) provides a software update service for Microsoft Windows operating systems and other Microsoft software. By using Windows Server Update Services, administrators can manage the distribution of Microsoft hotfixes and updates released through Automatic Updates to computers in a corporate environment. WSUS helps administrators track the “update health” of each individual server.

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.

Step 8: Install Antivirus

Installing antivirus software is also a crucial step in hardening a server. Windows Server 2008 offers a set of tools which can help combat unauthorized network access and malicious code execution. Here we have installed Symantec Endpoint Protection to protect the system from malicious code.

Step 9: Configure Services

To configure services:

Go to: Start –> Run –> Services.msc –> disable unneeded services (check which services are set to run automatically or manually on start-up)

Services set to Automatic in Services.msc (based on requirement):

Windows Error Reporting Service

This helps to capture software crash data and supports end-user reporting of crash information.

Secure Socket Tunneling Protocol (SSTP) Service

This provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers.

EXTRA ADDITIONAL FEATURES TO BE DONE BASED ON REQUIREMENTS:

1. Disable Remote Registry

This service allows registry access to authenticated remote users. Even though this is blocked by the firewall and ACLs, this service should be turned off if you have no reason to allow remote registry access.

For disabling the remote registry

Go to: Start –> Control Panel –> Windows firewall –> ON

If you have a corporate network, follow the steps below:

Click Start –> Run –> type “regedit” and press Enter –>

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\

Select “winreg” and click Edit, then select “Permissions”

Select the appropriate users/groups and the appropriate permission, such as “Read” or “Full Control”

Click OK and exit.

2. Special Administration Console Helper

Allows administrators to remotely access a command prompt. The SAC is an auxiliary Emergency Management Services command-line environment with the following main functions:

• Redirect Stop error message explanatory text.
• Restart the system.
• Obtain computer identification information.

To do that, go to: Start –> Run –> Services.msc –> Special Administration Console Helper –> Automatic

3. Enable Netlogon

Maintains a channel between the computer and the domain controller. The Netlogon subkey stores information for the Net Logon service.

To enable Netlogon, go to: Start –> Run –> Services.msc –> Netlogon –> Automatic
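Step 9 and items 1 to 3 above all come down to a service's startup type, so they can be checked in one pass. This added example (not part of the original post) compares the services named on this page with the startup types the text recommends; the function name Test-ServiceBaseline is hypothetical, and the baseline should be adjusted to the server's role.

```powershell
# Added example (not from the original post).
# Expected values use the Win32_Service StartMode strings: Auto, Manual, Disabled.
# The baseline mirrors the text above and is "based on requirement".
$ServiceBaseline = @{
    RemoteRegistry = 'Disabled'   # Remote Registry
    sacsvr         = 'Auto'       # Special Administration Console Helper
    Netlogon       = 'Auto'       # Netlogon
    WerSvc         = 'Auto'       # Windows Error Reporting Service
    SstpSvc        = 'Auto'       # Secure Socket Tunneling Protocol Service
}

function Test-ServiceBaseline {
    param([hashtable]$Baseline = $ServiceBaseline)

    foreach ($name in $Baseline.Keys) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if ($svc) {
            $actual  = $svc.StartMode
            $state   = $svc.State
            $display = $svc.DisplayName
        } else {
            # The service does not exist on this installation.
            $actual  = 'NotInstalled'
            $state   = ''
            $display = ''
        }
        New-Object PSObject -Property @{
            Name        = $name
            DisplayName = $display
            Expected    = $Baseline[$name]
            Actual      = $actual
            State       = $state
            Compliant   = ($actual -eq $Baseline[$name])
        } | Select-Object Name, DisplayName, Expected, Actual, State, Compliant
    }
}

# Show only the services whose startup type differs from the baseline.
Test-ServiceBaseline | Where-Object { -not $_.Compliant } | Format-Table -AutoSize

# To correct a deviation, for example:
#   Stop-Service RemoteRegistry; Set-Service RemoteRegistry -StartupType Disabled
```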

4. Configure Encryption

BitLocker protects the operating system and data stored on the disk.

To install BitLocker, select it in Server Manager or type the following at a command prompt:

C:\> ServerManagerCmd -install BitLocker -restart

To configure encryption on a 2008 server:

Go to Start –> Programs –> Administrative Tools –> Server Manager –> Features –> BitLocker

(It will be accessible only when Active Directory is installed on Windows Server 2008.)

5. Network Access Protection (NAP)

Windows Server 2008 comes with Network Access Protection (NAP), which helps to defend against viruses spreading out into the network. It consists of client-server technology which scans and identifies machines that don’t have the latest virus signatures, service packs or security patches. Some of the key functions of a Windows Server 2008 NAP server include:

  • Validating Machines:
    The mission of NAP is to preserve the integrity of the network by allowing only healthy
    machines to have IP addresses.
  • Restricting Network Access:
    Computers or servers which don’t meet the established policy standards can be restricted
    to a “quarantine” subnet where they can later remediate the security issues.
  • Fixing Unhealthy Machines:
    Windows Server 2008 NAP has the ability to direct hosts to a remediation server, where
    the latest antivirus signatures and patches are deployed through SMS packages.


6. Least Privileges

Most security threats are caused by the high privileges held by accounts. Windows Server 2008 has a couple of tools which can help administrators grant or revoke access to specific sections of the server.

ScriptLogic’s Cloak: enhances the Windows NT File System (NTFS) by providing increased security, more accurate audits and a vastly streamlined experience for users of the network.

PolicyMaker Application Security: this tool allows administrators to adjust application privilege levels to the lowest possible point in order to limit damage stemming from network attacks or user error.

These are the steps to be followed while hardening Windows.
