hardening windows servers.

Hi,

Can someone suggest security guidelines to hardening Windows servers - Exchange, SQL, File and Print, IIS?
nav2567Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Giovanni HewardCommented:
Here's some more sources:
http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml
http://web.nvd.nist.gov/view/ncp/repository

Some excellent training is provided by SANS.
http://www.sans.org/windows-security/2013/06/03/download-scripts


Operating System and Applications Hardening:

    How your anti-virus scanners can fail you
    AppLocker whitelisting
    EMET, ASLR, SEHOP, DEP (EMET 4.0)
    Windows OS and Applications Hardening tools
    The Group Policy Management Console (GPMC)
    INF and XML Security templates
    How to manage Group Policy
    WMI filtering and GPO preferences
    Custom ADM/ADMX templates
    Hardening Adobe Reader
    Hardening Java
    Hardening Internet Explorer
    Hardening Google Chrome
    Hardening Microsoft Office
    Virtual Desktop Infrastructure (pros and cons)

High-Value Targets & Restricting Admin Compromise:

    What makes something a high-value target?
    Users in the local administrators group
    Secretly limiting the power of administrative users
    Limiting privileges, logon rights and permissions
    Token abuse and pass-the-hash attack mitigations
    Group Policy control of Windows security
    User Account Control (UAC)
    Delegating IT power more safely
    Organizational units for role-based controls
    Active Directory permissions for delegation
    Active Directory auditing and logging
    Painless (or Less Painful) Patch Management

PKI, BitLocker and Secure Boot:

    Why must I have a PKI?
    Examples: Smart Cards, VPNs, Wireless, SSL, S/MIME, etc.
    How to install the Windows PKI
    Root vs. subordinate certification authorities
    Should you be your own root CA?
    Detecting malicious trusted CA changes
    How to manage your PKI
    Group policy deployment of certificates
    How to revoke certificates
    Automatic private key backup
    Deploying smart cards
    Best practices for private keys
    BitLocker drive encryption
    BitLocker for USB drives
    UEFI Secure Boot
    TPM chip options for BitLocker
    BitLocker emergency recovery

IPSec, Windows Firewall, DNS, and Wireless:

    Isn't IPSec just for VPNs? No!
    IPSec for TCP port permissions
    How to create IPSec policies
    Windows Firewall and IPSec integration
    Group Policy for IPSec and firewall rules
    NETSH and PowerShell rules scripting
    DNSSEC response validation
    DNS secure dynamic updates
    DNS sinkholes for malware
    Wireless attack vulnerabilities
    Configuring RADIUS policies (NPS)
    Wi-Fi Protected Access (WPA2)
    Secure access to wireless networks
    Secure access to Ethernet networks
    Smart cards for wireless and Ethernet

Server Hardening & Dynamic Access Control:

    A recipe for hardening most servers
    Dangerous protocols: SSL, RDP, IPv6, SMB
    SMBv3 encryption and downgrade attacks
    Pre-forensics and incident response preparation
    Service accounts and recovery
    Scheduling elevated tasks safely
    Protocol stack hardening
    Kerberos armoring and restricting NTLM
    Server Core vs. Server Minimal/Full
    DMZ cross-forest Active Directory trusts
    Dynamic Access Control (DAC)
    DAC for data loss prevention
    DAC for complying with regulations
    Automatic File Classification Infrastructure

PowerShell Scripting:

    Getting comfortable in your shell
    PowerShell remoting
    Running cmdlets and scripts
    Writing your own functions
    Writing your own scripts
    Flow control within scripts
    Managing the event logs
    Managing Active Directory
    Windows Management Instrumentation (WMI)
    Accessing COM Objects
    Security and execution policy
0
nav2567Author Commented:
Thanks, guys.  

I will check out these links and will respond before the end of this week.  

Thanks.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
nav2567Author Commented:
Thanks.  I will look into it and do more research on them.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.