This is one of the most comprehensive security compliance checking and deployment tools ever produced by Microsoft. The best thing is its free—you can download it at:. Once you download this tool, it will automatically update its security baselines for various Microsoft products such as Windows Servers, SQL servers, Internet explorer.
For instance, windows server r2 has a number of security compliance for the services its runs such as IIS, domain controllers, active directory. You had better make a copy of this base line for customization. The following screenshots illustrates what you need to do to make a copy of your existing DNS security settings. Next, type a name for that copy and then save it anywhere you want.
Then, on the left pane you will see the copied baseline. You can customize it according to your security needs and export it. This simple tool can quickly identify that if your server has the latest updates or hotfixes. You can use it to install the missing security patches from Microsoft the keep your server align with Microsoft security recommendations.
You can download this tool from Microsoft. You can start SCW from the administrative tools from you Windows server. This is simply a great tool that can quickly identify the roles of your serves and the installed features including networking, Windows firewalls and registry settings. Based on the report, you can fine tune security settings for each feature such as network services, account settings, windows firewalls. At the end, you will be given an option to apply the settings to your server.
The next step is the manually check the following things:. Unnecessary applications: delete all the unnecessary applications from your servers. For instance, you do not need to install Microsoft office applications in a web server because the purpose of a web server is to serve webpages efficiently.
Check your windows firewalls for the list of opened ports. Block all the ports that you do not need to run your applications. Check for the list of files or folders that you are sharing in the network. Unnecessary shares pose a great threat to vital servers. After a server or application deployment, system and security administrators should check to see if the server has any unnecessary shares.
This can be done using the following command:. Share name Resource Remark. BitLocker protects the operating system and data stored on the disk. In Windows Server , BitLocker is an optional component that must be installed before it can be used.
To install BitLocker, select it in Server Manager or type the following at a command prompt:. Updates and hot fixes are key elements when hardening a server. System and security administrators should be constantly updating and patching their servers against zero day vulnerabilities. These patches are not limited to the operating system, but also any application which is hosted on them.
Windows Server offers a set of tools which helps administrator update and patch their servers. By using Windows Server Update Services, administrators can manage the distribution of Microsoft hot fixes and updates released through Automatic Updates to computers in a corporate environment. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.
Anti Virus software is also a crucial step for hardening a server. Windows Server offers a set of tools which can help combat unauthorized network access and malicious code execution. Windows Server offers a Network Access Protection NAP , which helps administrators to isolate viruses from spreading out into the network.
Windows server NAP uses a set of policies which cleans the affected machines and when they are healthy, permits them access to parts of your production network. A hardened server needs to have all its access reduced to a bare operational minimum.
0コメント