Windows Server Hardening Guideline

Similar documents
Windows Server 2008/2012 Server Hardening

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X)

Walton Centre. Document History Date Version Author Changes 01/10/ A Cobain L Wyatt 31/03/ L Wyatt Update to procedure

AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT FIVE. Microsoft Windows Security.

SQL Server Hardening

Objectives. At the end of this chapter students should be able to:

Kepware Technologies Remote OPC DA Quick Start Guide (DCOM)

Belarc Advisor Security Benchmark Summary

SQL Server Hardening

Activity 1: Scanning with Windows Defender

Defense Security Service Office of the Designated Approving Authority

Installation of MicroSoft Active Directory

SQL Server Hardening

Windows Operating Systems. Basic Security

Session 17 Windows 7 Professional DNS & Active Directory(Part 2)

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

Web. Security Options Comparison

Easy Setup Guide for the Sony Network Camera

Security Options... 1

About Microsoft Windows Server 2003

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark. For Windows Server 2008 (Domain Member Servers and Domain Controllers)

Quick Start Guide for VMware and Windows 7

Deploying BitDefender Client Security and BitDefender Windows Server Solutions

Microsoft XP Professional Remote Desktop Connection

D-Link DAP-1360 Repeater Mode Configuration

USER GUIDE WWPass Security for (Outlook) For WWPass Security Pack 2.4

Intel Active Management Technology with System Defense Feature Quick Start Guide

Default Domain Policy Data collected on: 10/12/2012 5:28:08 PM General

Installing and Configuring vcloud Connector

Agency Pre Migration Tasks

Windows Firewall must be enabled on each host to allow Remote Administration. This option is not enabled by default

How To - Implement Clientless Single Sign On Authentication with Active Directory

DC Agent Troubleshooting

Quick Installation Guide. Overview. GULFSIP ATA-G1S Quick Installation Guide

Administration guide. Océ LF Systems. Connectivity information for Scan-to-File

TestElite - Troubleshooting

NNT CIS Microsoft Windows Server 2008 R2 Benchmark Level 1 Member Server v

CXM 4.5 Deployed on Windows Chad Adams October 28, 2009

Integration Guide. Microsoft Active Directory Rights Management Services (AD RMS) Microsoft Windows Server 2008

Introduction. Activating the CFR Module License. CFR Configuration

ms-help://ms.technet.2005mar.1033/security/tnoffline/security/smbiz/winxp/fwgrppol...

Qvis Security Technical Support Field Manual LX Series

ASUS WL-5XX Series Wireless Router Internet Configuration. User s Guide

Hyper-V Server 2008 Setup and Configuration Tool Guide

Quick Start Guide for Parallels Virtuozzo

Installing the Microsoft Network Driver Interface

Windows 7 / Server 2008 R2 Configuration Overview. By: Robert Huth Dated: March 2014

Steps for Basic Configuration

1. Installation Overview

How To Install And Configure Windows Server 2003 On A Student Computer

VERITAS Backup Exec TM 10.0 for Windows Servers

Core Protection for Virtual Machines 1

Security, Audit, and e-signature Administrator Console v1.2.x

In this topic we will cover the security functionality provided with SAP Business One.

Course: WIN310. Student Lab Setup Guide. Summer Microsoft Windows Server 2003 Network Infrastructure (70-291)

F-SECURE MESSAGING SECURITY GATEWAY

Desktop Web Access Single Sign-On Configuration Guide

Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab

Windows Administration Terminal Services, AD and the Windows Registry. INLS 576 Spring 2011 Tuesday, February 24, 2011

Windows Policies That Policy Check Verifies

Windows Server Update Services 3.0 SP2 Step By Step Guide

Installing and Configuring vcenter Support Assistant

Siteminder Integration Guide

11.1. Performance Monitoring

High Availability Setup Guide

Installation Overview

Symantec Backup Exec 12.5 for Windows Servers. Quick Installation Guide

TechNote. Contents. Introduction. System Requirements. SRA Two-factor Authentication with Quest Defender. Secure Remote Access.

MCSE TestPrep: Windows NT Server 4, Second Edition Managing Resources

NetWrix Password Manager. Quick Start Guide

How to put the DVR online

2. Using Notepad, create a file called c:\demote.txt containing the following information:

PAPER REUSABLE DEVICE. TopAccess Guide

DIRECTORY PASSWORD V1.2 Quick Start Guide

App Orchestration Setup Checklist

Upgrading from MSDE to SQL Server 2005 Express Edition with Advanced Services SP2

Evaluating the Balabit Shell Control Box

Installation Troubleshooting Guide

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment

How To Enable A Websphere To Communicate With Ssl On An Ipad From Aaya One X Portal On A Pc Or Macbook Or Ipad (For Acedo) On A Network With A Password Protected (

F-Secure Messaging Security Gateway. Deployment Guide

Deploying BitDefender Client Security and BitDefender Windows Server Solutions

Hands-On Lab: WSUS. Lab Manual Expediting WSUS Service for XP Embedded OS

Building the SAP Business One Cloud Landscape Part of the SAP Business One Cloud Landscape Workshop

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark

Windows Server 2003 default services

138 Configuration Wizards

AD RMS Step-by-Step Guide

XIA Configuration Server

Symantec Backup Exec TM 11d for Windows Servers. Quick Installation Guide

User Management Guide

CA Desktop Migration Manager

Web Plus Security Features and Recommendations

Thinspace deskcloud. Quick Start Guide

Alert Notification of Critical Results (ANCR) Public Domain Deployment Instructions

Password Reset PRO INSTALLATION GUIDE

Chapter 6 Using Network Monitoring Tools

Use of Commercial Backup Software with Juris (Juris 2.x w/msde)

VERITAS Backup Exec 9.1 for Windows Servers Quick Installation Guide

USER GUIDE. Ethernet Configuration Guide (Lantronix) P/N: Rev 6

Transcription:

Security Hardening General Information System / Project Name Host Name Model/Type Operating System IP Address(es) Subnet Mask(s) Default Gateway(s) DNS Server(s) Service Pack Release Domain / Workgroup Sign-Off Technical Provider Information Security Approval Signature : Name: Role : Signature : Name: Role : Company : _ Company : Date : Date : Microsoft Windows 2008 Page 1 of 8

Microsoft Windows 2008 R2 Version - Release Levels/applicable to: Microsoft Windows Server 2008R2, Standard Edition Microsoft Windows Server 2008R2, Enterprise Edition Microsoft Windows Server 2008R2, Datacenter Edition Microsoft Windows Server 2008R2, Web Edition 1. System Setup 1.1 Account Policies (secpol.msc) 1.1.1 Password Policies Enforce password history 24 (Domain), 0 5 Maximum password age 42 days 90 days Minimum password age 1 days 1 days Minimum password length 0 characters 8 characters Password must meet complexity requirements Enabled 1.1.2 Account Lockout Policy Account lockout duration Not Applicable 30 minutes Account lockout threshold 0 attempts 5 attempts Reset account lockout counter after Not Applicable 30 minutes Microsoft Windows 2008 Page 2 of 8

1.2 Local Policies (secpol.msc) 1.2.1 Audit Policy Audit account logon events Not Defined Success, Failure Audit account management Not Defined Success, Failure Audit directory service access Not Defined Failure Audit logon events Not Defined Success, Failure Audit object access Not Defined Failure Audit policy change Not Defined Success, Failure Audit privilege use Not Defined Not Defined Audit process tracking Not Defined Not Defined Audit system events Not Defined Success, Failure 1.2.2 Security Options Accounts: Administrator account status Enabled Enabled Accounts: guest account status Accounts: Limit local account use of blank passwords to console logon only Devices: Restrict CD-ROM access to locally logged-on user only Enabled Enabled Not Defined Not Defined Interactive logon: Do not display last user name Interactive logon: Do not require CTRL+ALT+DEL Interactive logon : Message text for users attempting to log on - "This system is for the use of authorized users only. Individuals using this computer system without authority, or in excess of their authority, are subject to having all of their activities on this system monitored Microsoft Windows 2008 Page 3 of 8

and recorded by system personnel. In the course of monitoring individuals improperly using this system, or in the course of system maintenance, the activities of authorized users may also be monitored. Anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals possible criminal activity, system personnel may provide the evidence of such monitoring to law enforcement officials" Interactive logon: Electronic Transactions Development - Message title for users attempting to log on Agency (Public Organization) Interactive logon: Prompt user to change 5 days 5 days password before expiration Microsoft network client: Enabled Digitally sign communications (always) Microsoft network server: Enabled Digitally sign communications (always) Network access: System\CurrentControlSet Not defined Remotely accessible registry paths and sub-paths User Account Control : Admin Approval Mode for the Built-in Administrator account User Account Control : Prompt for credentials Prompt for credentials Behavior of the elevation prompt for standard users Microsoft Windows 2008 Page 4 of 8

2. System Logs 2.1 Event Log (eventvwr.msc) Application: Maximum Log Size (KB) 20480 307200 Security: Maximum Log Size (KB) 20480 307200 System: Maximum Log Size (KB) 20480 307200 3. Network and Sharing 3.1 Internet Communication (gpedit.msc Administrative Templates ->System ->Internet Communiction Setting) Turn off the Windows Messenger Customer Experience Improvement Program Not configure Enabled 3.2 SMB protocol (regedit) The SMB protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To help prevent attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB client is permitted. HKEY_LOCAL_MACHINE\System\CurrentControlS 0 1 et\services\lanmanserver\parameters\enablesec uritysignature HKEY_LOCAL_MACHINE\System\CurrentControlS et\services\lanmanserver\parameters\requirese curitysignature 0 1 Microsoft Windows 2008 Page 5 of 8

3.3 TCP timestamp The remote host responded with a TCP timestamp. The TCP timestamp response can be used to approximate the remote host's uptime, potentially aiding in further attacks. Additionally, some operating systems can be fingerprinted based on the behaviour of their TCP timestamps. cmd : netsh int tcp set global timestamps=disable (Open CMD With admin option) Enabled 3.4 Network Share (regedit) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlS et\services\lanmanserver\parameters\autoshare Server Not Configure 0 Create new DWORD Value (if it is not already present) named AutoShareServer and set value 0 (disable network shares) 4. Additional Security Settings 4.1 Autoplay (Control Panel) Off On Turn off Autoplay Microsoft Windows 2008 Page 6 of 8

4.2 Service (services.msc) Dhcp client Enabled Print Spooler Enabled Application Layer Gateway Service Application Management Automatic Updates Enabled Enabled Download and ask for install. Background Intelligent Transfer Service Enabled Enabled Computer Browser Cryptographic Services Enabled Enabled Distributed Transaction Coordinator Enabled Enabled DNS Client Enabled Enabled Net Logon Service Enabled Enabled Network Connections Enabled Enabled Protected Storage Enabled Enabled Remote Access Auto Connection Manager Enabled Enabled Remote Procedure Call Enabled Enabled Remote Registry Service Enabled Remote Desktop Service Enabled Enabled Security Accounts Manager Enabled Enabled Server Enabled Enabled Shell Hardware Detection Enabled Enabled Task Scheduler Enabled Enabled Microsoft Windows 2008 Page 7 of 8

Telephony Enabled Windows Management Instrumentation Enabled Enabled Windows Time Enabled Enabled Microsoft Windows 2008 Page 8 of 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information