Solved

Develop a standard win 2012 configuration guidline

Posted on 2015-01-09
5
170 Views
Last Modified: 2015-01-13
Regardless of the role (i.e. DNS, Print, Web, Terminal, DHCP, Application, Active Directory, etc) of the windows 2012 server,
I am trying to put together a configuration guidance list that can be followed and used to securely build and configure a 2012 server. I have used CIS and Microsoft compliance check tools to show me baseline configuration vulnerabilities but that tool is used after system is active. Please share any configuration recommendations I should have to secure and protect a 2012 server before it is configured for a specific role.

This is what I have thus far if the server requires a windows GUI Platform
1) Install & configure Antivirus Software
2) Install & configure Windows Update
3) Install & configure Malware Software
4) Install & configure Firewall Software
5) Install & configure HIPS/HIDS Agent
6)  Install & configure AppLocker
7) Install & configure the server role
8) Install & configure vendor software (based on server role: i..e. Application server - SQL Server or Deltek Time Card Software)
9) Run CIS, Microsoft, Nessus baseline configuration audit software

Thank you in advance.
0
Comment
Question by:cesemj
  • 3
  • 2
5 Comments
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
Comment Utility
"Regardless of the role" ...no such thing. The purpose of the server is integral to the checklist. Every single step you listed, I can show a counterpoint where a specific role or applications makes that step irrelevant, or even worse, antithetical to the server's purpose. You can't simply make a lost in a void. Each deployment is about meeting the needs as specified, and *that* becomes about project management.

Sure, you could argue that you are making a baseline for common deployments. But even then, applocker? I'd argue *most* servers don't need it. That is a client lockdown tool. A HIPS on every server? Hmmm.....   and a CIS/Nesses scan? If this is really about building a solid baseline, wouldn't you do it once and then rely on the system? Rescinding each time seems redundant. And those are just the easy low hanging fruit.
0
 

Author Comment

by:cesemj
Comment Utility
Ok, I need to develop a secure baseline checklist for each server role listed below:

Active Directory Domain Services role
Application Server role
DHCP Server role
DNS Server role
File Services role
Hyper-V role
Network Policy and Access Services role
Print Services role
Terminal Services role
Web Server role
Windows Deployment Services role
0
 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
Plenty of books cover those roles in detail. No need to reinvent (or rewrote) the wheel.
0
 

Author Comment

by:cesemj
Comment Utility
ok
0
 

Author Closing Comment

by:cesemj
Comment Utility
Thanks
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now