How much do you know about Windows Server Hardening?

  
We've heard a lot about server hardening, but what exactly is a hardened Windows server? Some IT auditors define it as a system that follows a generally accepted list of hardening items. Some more paranoid people think it is a fully locked-down server that no one can connect to. If you ask some managers what a hardened server is, they often talk in circles and then ask you, "What does hardening mean?"
If you go by industry recommendations, you might think that your Windows system is the least secure in the world. Don't worry too much about this. While the Cyber Security Windows Baseline and the US Department of Defense STIG are important, doing everything strictly by the book is not always feasible. You must balance Windows security against business needs.
It seems that everyone has a different view of Windows system hardening. Still, there should be a consensus on the level of hardening a system needs. So what do you need to focus on? It's very simple: look at what you are being checked against. What was the result of your last security assessment? What are your auditors looking for, and what are you being held to? Is it an internal policy? Maybe it is a regulation or a standard? Maybe it is what others consider best practice?
Before you spend time, money and energy hardening your systems, you need to know what you need to meet. If you don't know this, for example because you have never conducted an independent assessment or internal audit, then you must start somewhere, right?
In most cases, people want to avoid the trouble and are reluctant to harden their Windows server configuration until an incident occurs. That is to say, you must be realistic and deliberate about Windows hardening work. See what is important. Will digital signing for SMB (Server Message Block) communication, and auditing of object access and process tracking, really benefit you? Especially when an audit or assessment is about to begin? Probably not. What about renaming the administrator and client accounts and disabling some unneeded services? Well, you might do this. It depends on what will affect your business. I have seen administrators waste energy on very small things while others focus on low-level issues, and important things are often overlooked.
Here are some Windows Server hardening steps you can take now that will bring you a lot of benefit (for free!):
- Lock down file shares to ensure that the right people access the right information.
- Disable SMB null session connections to prevent someone from poking around and collecting system configuration information.
- Enable Windows Firewall, or use a third-party alternative (this limits connections to and from the server, including null session connections).
- Make sure you have the latest patches installed. (This is still a big problem on Windows servers.)
- Run anti-virus software. (Not running anti-virus software is another common oversight.)
- Set secure and reasonable passwords. Don't believe the myths about passwords.
- Enable success auditing of account logon events, account management and policy changes.
- Use disk encryption for exposed systems (servers can grow legs and walk off).
- Make sure your basic Active Directory configuration is very robust.
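
Several items in this list can be checked from a script before anything is changed. The read-only audit below is an added example, not part of the original article; it assumes Windows PowerShell 3.0 or later on Server 2012 or later (newer than the versions the article names), an elevated prompt, and an English-language system. The helper names and the 45-day patch window are illustrative choices.

```powershell
# Added example: read-only audit of checklist items above. It changes nothing.
function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value is absent
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}
function New-Result($Check, $Pass) {
    [pscustomobject]@{ Check = $Check; Pass = [bool]$Pass }
}

$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# SMB null sessions. A missing value is reported as not passing so that it
# gets reviewed by hand instead of being assumed safe.
$results = @(
    New-Result 'Lsa RestrictAnonymous >= 1' ((Get-RegValue $lsa 'RestrictAnonymous') -ge 1)
    New-Result 'Lsa RestrictAnonymousSAM = 1' ((Get-RegValue $lsa 'RestrictAnonymousSAM') -eq 1)
    New-Result 'Lsa EveryoneIncludesAnonymous = 0' ((Get-RegValue $lsa 'EveryoneIncludesAnonymous') -eq 0)
    New-Result 'LanmanServer RestrictNullSessAccess = 1' ((Get-RegValue $srv 'RestrictNullSessAccess') -eq 1)
)

# Windows Firewall: every profile should be enabled
foreach ($p in Get-NetFirewallProfile) {
    $results += New-Result "Firewall profile '$($p.Name)' enabled" ($p.Enabled -eq 'True')
}

# Patching: most recent hotfix date (45 days is an assumed threshold)
$last = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn | Select-Object -Last 1
$results += New-Result 'Hotfix installed within 45 days' `
    ($last -and $last.InstalledOn -gt (Get-Date).AddDays(-45))

# Success auditing for account logon, account management and policy change
foreach ($c in 'Account Logon', 'Account Management', 'Policy Change') {
    $rows = auditpol /get "/category:$c" /r | Where-Object { $_ } | ConvertFrom-Csv
    foreach ($r in $rows) {
        $results += New-Result "Audit success: $($r.Subcategory)" `
            ($r.'Inclusion Setting' -match 'Success')
    }
}

# File shares: non-administrative shares that allow the Everyone group
$open = @(Get-SmbShare -Special $false | Get-SmbShareAccess |
    Where-Object { $_.AccountName -eq 'Everyone' -and $_.AccessControlType -eq 'Allow' })
$results += New-Result "No shares allow Everyone ($($open.Name -join ', '))" ($open.Count -eq 0)

$results | Format-Table -AutoSize
```

Rows with `Pass` set to `False` are starting points for review against your own policy, not automatic findings.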
Whether you use Windows NT, 2000, Server 2003 or 2008, applying these basic tips will work wonders for your server security posture. It may not be necessary (at least not yet) to tighten every nook and cranny in the system. After you have used the above items to establish a hardening baseline, you can further tighten controls on the most critical servers if the business risk justifies it.
