[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Develop a standard win 2012 configuration guidline

Posted on 2015-01-09
5
Medium Priority
?
194 Views
Last Modified: 2015-01-13
Regardless of the role (i.e. DNS, Print, Web, Terminal, DHCP, Application, Active Directory, etc) of the windows 2012 server,
I am trying to put together a configuration guidance list that can be followed and used to securely build and configure a 2012 server. I have used CIS and Microsoft compliance check tools to show me baseline configuration vulnerabilities but that tool is used after system is active. Please share any configuration recommendations I should have to secure and protect a 2012 server before it is configured for a specific role.

This is what I have thus far if the server requires a windows GUI Platform
1) Install & configure Antivirus Software
2) Install & configure Windows Update
3) Install & configure Malware Software
4) Install & configure Firewall Software
5) Install & configure HIPS/HIDS Agent
6)  Install & configure AppLocker
7) Install & configure the server role
8) Install & configure vendor software (based on server role: i..e. Application server - SQL Server or Deltek Time Card Software)
9) Run CIS, Microsoft, Nessus baseline configuration audit software

Thank you in advance.
0
Comment
Question by:cesemj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 59

Accepted Solution

by:
Cliff Galiher earned 1500 total points
ID: 40540774
"Regardless of the role" ...no such thing. The purpose of the server is integral to the checklist. Every single step you listed, I can show a counterpoint where a specific role or applications makes that step irrelevant, or even worse, antithetical to the server's purpose. You can't simply make a lost in a void. Each deployment is about meeting the needs as specified, and *that* becomes about project management.

Sure, you could argue that you are making a baseline for common deployments. But even then, applocker? I'd argue *most* servers don't need it. That is a client lockdown tool. A HIPS on every server? Hmmm.....   and a CIS/Nesses scan? If this is really about building a solid baseline, wouldn't you do it once and then rely on the system? Rescinding each time seems redundant. And those are just the easy low hanging fruit.
0
 

Author Comment

by:cesemj
ID: 40540803
Ok, I need to develop a secure baseline checklist for each server role listed below:

Active Directory Domain Services role
Application Server role
DHCP Server role
DNS Server role
File Services role
Hyper-V role
Network Policy and Access Services role
Print Services role
Terminal Services role
Web Server role
Windows Deployment Services role
0
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 40540809
Plenty of books cover those roles in detail. No need to reinvent (or rewrote) the wheel.
0
 

Author Comment

by:cesemj
ID: 40540817
ok
0
 

Author Closing Comment

by:cesemj
ID: 40546891
Thanks
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out what's been happening in the Experts Exchange community.
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question