Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 425
  • Last Modified:

hardening windows servers.

Hi,

Can someone suggest security guidelines to hardening Windows servers - Exchange, SQL, File and Print, IIS?
0
nav2567
Asked:
nav2567
  • 2
1 Solution
 
Giovanni HewardCommented:
Here's some more sources:
http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml
http://web.nvd.nist.gov/view/ncp/repository

Some excellent training is provided by SANS.
http://www.sans.org/windows-security/2013/06/03/download-scripts


Operating System and Applications Hardening:

    How your anti-virus scanners can fail you
    AppLocker whitelisting
    EMET, ASLR, SEHOP, DEP (EMET 4.0)
    Windows OS and Applications Hardening tools
    The Group Policy Management Console (GPMC)
    INF and XML Security templates
    How to manage Group Policy
    WMI filtering and GPO preferences
    Custom ADM/ADMX templates
    Hardening Adobe Reader
    Hardening Java
    Hardening Internet Explorer
    Hardening Google Chrome
    Hardening Microsoft Office
    Virtual Desktop Infrastructure (pros and cons)

High-Value Targets & Restricting Admin Compromise:

    What makes something a high-value target?
    Users in the local administrators group
    Secretly limiting the power of administrative users
    Limiting privileges, logon rights and permissions
    Token abuse and pass-the-hash attack mitigations
    Group Policy control of Windows security
    User Account Control (UAC)
    Delegating IT power more safely
    Organizational units for role-based controls
    Active Directory permissions for delegation
    Active Directory auditing and logging
    Painless (or Less Painful) Patch Management

PKI, BitLocker and Secure Boot:

    Why must I have a PKI?
    Examples: Smart Cards, VPNs, Wireless, SSL, S/MIME, etc.
    How to install the Windows PKI
    Root vs. subordinate certification authorities
    Should you be your own root CA?
    Detecting malicious trusted CA changes
    How to manage your PKI
    Group policy deployment of certificates
    How to revoke certificates
    Automatic private key backup
    Deploying smart cards
    Best practices for private keys
    BitLocker drive encryption
    BitLocker for USB drives
    UEFI Secure Boot
    TPM chip options for BitLocker
    BitLocker emergency recovery

IPSec, Windows Firewall, DNS, and Wireless:

    Isn't IPSec just for VPNs? No!
    IPSec for TCP port permissions
    How to create IPSec policies
    Windows Firewall and IPSec integration
    Group Policy for IPSec and firewall rules
    NETSH and PowerShell rules scripting
    DNSSEC response validation
    DNS secure dynamic updates
    DNS sinkholes for malware
    Wireless attack vulnerabilities
    Configuring RADIUS policies (NPS)
    Wi-Fi Protected Access (WPA2)
    Secure access to wireless networks
    Secure access to Ethernet networks
    Smart cards for wireless and Ethernet

Server Hardening & Dynamic Access Control:

    A recipe for hardening most servers
    Dangerous protocols: SSL, RDP, IPv6, SMB
    SMBv3 encryption and downgrade attacks
    Pre-forensics and incident response preparation
    Service accounts and recovery
    Scheduling elevated tasks safely
    Protocol stack hardening
    Kerberos armoring and restricting NTLM
    Server Core vs. Server Minimal/Full
    DMZ cross-forest Active Directory trusts
    Dynamic Access Control (DAC)
    DAC for data loss prevention
    DAC for complying with regulations
    Automatic File Classification Infrastructure

PowerShell Scripting:

    Getting comfortable in your shell
    PowerShell remoting
    Running cmdlets and scripts
    Writing your own functions
    Writing your own scripts
    Flow control within scripts
    Managing the event logs
    Managing Active Directory
    Windows Management Instrumentation (WMI)
    Accessing COM Objects
    Security and execution policy
0
 
nav2567Author Commented:
Thanks, guys.  

I will check out these links and will respond before the end of this week.  

Thanks.
0
 
nav2567Author Commented:
Thanks.  I will look into it and do more research on them.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now