• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 209
  • Last Modified:

Develop a standard win 2012 configuration guidline

Regardless of the role (i.e. DNS, Print, Web, Terminal, DHCP, Application, Active Directory, etc) of the windows 2012 server,
I am trying to put together a configuration guidance list that can be followed and used to securely build and configure a 2012 server. I have used CIS and Microsoft compliance check tools to show me baseline configuration vulnerabilities but that tool is used after system is active. Please share any configuration recommendations I should have to secure and protect a 2012 server before it is configured for a specific role.

This is what I have thus far if the server requires a windows GUI Platform
1) Install & configure Antivirus Software
2) Install & configure Windows Update
3) Install & configure Malware Software
4) Install & configure Firewall Software
5) Install & configure HIPS/HIDS Agent
6)  Install & configure AppLocker
7) Install & configure the server role
8) Install & configure vendor software (based on server role: i..e. Application server - SQL Server or Deltek Time Card Software)
9) Run CIS, Microsoft, Nessus baseline configuration audit software

Thank you in advance.
0
cesemj
Asked:
cesemj
  • 3
  • 2
1 Solution
 
Cliff GaliherCommented:
"Regardless of the role" ...no such thing. The purpose of the server is integral to the checklist. Every single step you listed, I can show a counterpoint where a specific role or applications makes that step irrelevant, or even worse, antithetical to the server's purpose. You can't simply make a lost in a void. Each deployment is about meeting the needs as specified, and *that* becomes about project management.

Sure, you could argue that you are making a baseline for common deployments. But even then, applocker? I'd argue *most* servers don't need it. That is a client lockdown tool. A HIPS on every server? Hmmm.....   and a CIS/Nesses scan? If this is really about building a solid baseline, wouldn't you do it once and then rely on the system? Rescinding each time seems redundant. And those are just the easy low hanging fruit.
0
 
cesemjAuthor Commented:
Ok, I need to develop a secure baseline checklist for each server role listed below:

Active Directory Domain Services role
Application Server role
DHCP Server role
DNS Server role
File Services role
Hyper-V role
Network Policy and Access Services role
Print Services role
Terminal Services role
Web Server role
Windows Deployment Services role
0
 
Cliff GaliherCommented:
Plenty of books cover those roles in detail. No need to reinvent (or rewrote) the wheel.
0
 
cesemjAuthor Commented:
ok
0
 
cesemjAuthor Commented:
Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now