General Windows Security Primer


stevew
08-21-2007, 10:17 PM
It is absolutely essential to add protection to a new Windows 2003
Server as soon as possible. The bare minimum for this would be to run
all Windows updates at the time of installation, configure automatic
updates to keep the system current with new critical patches, install an
Anti-Virus program and configure it to quarantine infected files and
schedule regular system scans, and enable and configure the Windows
Firewall.

After installation, we will install all critical system updates and
current patches for you, but you will need to ensure that at least the
other items are taken care of immediately. The security of your server
should be your highest initial priority, as it will help you immensely
in avoiding the hardships of having to deal with a compromised server
and infected data. And leaving a server unprotected on today's Internet
is a guaranteed way to find yourself in exactly that situation.

This thread is intended to provide you with as many resources as
possible to help you better understand Windows security and to point you
to some of the tools you will need to use to begin the server hardening
process.

To begin with, you should enable your firewall and install at least a
free Anti-Virus program. There are many commercial Anti-Virus solutions
available such as Symantec, McAfee and many others. Here are some links
to help get you started:

Enabling Windows Firewall:
http://technet2.microsoft.com/windowsserver/en/library/5b3670d9-59d3-47c0-9609-bfd2cc6a7e7c1033.mspx?mfr=true

Free Anti-Virus for Server 2003:
http://www.clamwin.com/
(please be aware that the default setting for this application is to
only report infected files. This should be changed to either quarantine
or remove, depending on your needs. Also, don't forget to create a
recurring system scan)

After these two items are completed, the next most important thing to do
is to be sure that your automatic updates are configured, unless you are
planning to handle this important task manually. Here are some helpful
guides:


http://support.microsoft.com/kb/327838

http://www.lockergnome.com/nexus/it/2004/12/07/automatic-update-in-windows-server-2003/

Once these three things have been performed, you can finally take a
breath knowing that your new Windows Server is relatively protected.
Please keep in mind that these suggestions are only the very tip of the
iceberg, though, and that there is no such thing as total security. New
vulnerabilities are exploited every day and because of that it's important
to make sure that your Anti-Virus is updated frequently to ensure its
database of virus definitions is current.

There are numerous other things you can do to continue hardening your
server against the multitudes of malicious crackers on today's Internet.
This battle begins with you formulating a solid understanding of the
general principles of security and some of the threats that you should
be aware of. Here are a few links to get you going:

Understanding Windows Security:
http://www.microsoft.com/technet/security/understanding/default.mspx

Some Threats and Countermeasures:
http://www.microsoft.com/downloads/info.aspx?na=40&p=3&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=8a2643c1-0685-4d89-b655-521ea6c7b4db&u=http%3a%2f%2fgo.microsoft.com%2ffwlink%2f%3fLinkID%3d15159


Good collection of Windows OS Security Articles:
http://www.windowsecurity.com/articles/windows_os_security/

There are many collections of "Security Checklists" in circulation out
there. They are very helpful to a new administrator as security
guidelines can sometimes be overwhelming. It's easy to forget something
or overlook a very important facet of your server's defense so having a
good checklist ensures that you cover all your bases. Here are some good
examples:


Microsoft's Own Security Checklist:
http://microsoft.com/downloads/details.aspx?FamilyId=8A2643C1-0685-4D89-B655-521EA6C7B4DB&displaylang=en

US Dept. Of Defense Security Checklist for Windows Server 2003:
http://checklists.nist.gov/repository/1084.html
(direct download .zip file)
http://iase.disa.mil/stigs/checklist/W2K3-Checklist-V519-20070320.zip

Server 2003 Security Guide:
http://www.windowsecurity.com/articles/Windows_Server_2003_Security_Guide.html


Once you've gone through some security primers and have started
hardening your server, you will want to test your server to see if you
have things configured properly and to expose any remaining holes or
vulnerabilities (keeping in mind, there is no perfect
security...security is always a compromise between safety and
convenience). Here are some links to some valuable tools you will find
useful:

shields up services:
https://www.grc.com/x/ne.dll?bh0bkyd2

Security Tests:
http://www.windowsecurity.com/securitytests/

Once you have hardened and tested your server, you will want to know how
to read and interpret your system, security and application logs. This
guide will teach you about the importance of log monitoring and educate
you on how Windows handles event logging:

http://www.windowsecurity.com/articles/Understanding_Windows_Logging.html

There are many more advanced methods and techniques for handling Server
2003 security. You might be familiar with the Security Configuration Wizard:

http://www.microsoft.com/windowsserver2003/technologies/security/configwiz/default.mspx

If you aren't, then here is a tutorial about that:

http://computerworld.com/hardwaretopics/hardware/server/story/0,10801,99418,00.html

Finally, here is a link to some of the management console "snap-in"
components that are necessary for advanced Windows security management:

http://www.windowsecurity.com/articles/Windows_Server_2003_Security_Analysis.html

Good Luck and keep everything updated. Remember, it's not really
paranoia when everyone really is out to get you! ;)
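
A read-only check of the firewall and Automatic Updates steps described in the post, as an added example that is not part of the original post. It assumes an English-language Windows Server 2003 SP1 or later (for the `netsh firewall` context) and update settings made locally rather than through Group Policy; antivirus quarantine and scan schedules have to be verified in the antivirus program itself.

```bat
@echo off
rem Added example (not from the original post): read-only baseline check.
rem Assumes English command output and Windows Server 2003 SP1 or later.
setlocal
set FAIL=0

rem --- 1. Windows Firewall: no profile may report "Disable" ---
set FWSEEN=0
netsh firewall show opmode | find /i "Operational mode" >nul && set FWSEEN=1
if "%FWSEEN%"=="0" (
    echo [FAIL] Windows Firewall state could not be read ^(service stopped?^)
    set FAIL=1
) else (
    netsh firewall show opmode | find /i "Operational mode" | find /i "Disable" >nul
    if not errorlevel 1 (
        echo [FAIL] Windows Firewall is disabled in at least one profile
        set FAIL=1
    ) else (
        echo [ OK ] Windows Firewall is enabled in all profiles
    )
)

rem --- 2. Automatic Updates: service running and AUOptions = 4 ---
sc query wuauserv | find "RUNNING" >nul
if errorlevel 1 (
    echo [FAIL] Automatic Updates service ^(wuauserv^) is not running
    set FAIL=1
)

rem Local setting only; a Group Policy value would live under the Policies hive.
set AU=
set AUKEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
for /f "tokens=3" %%A in ('reg query "%AUKEY%" /v AUOptions 2^>nul ^| find "AUOptions"') do set AU=%%A
if /i "%AU%"=="0x4" (
    echo [ OK ] Updates are downloaded and installed on a schedule
) else (
    echo [WARN] AUOptions=%AU% ^(1 = off, 2 and 3 = an administrator must act^)
    set FAIL=1
)

rem Exit code 0 means both checks passed; 1 means at least one needs attention.
exit /b %FAIL%
```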