Nine ways to build a secure Win Server 2008

  


To build a powerful and secure server, you must pay attention to the security of every detail from the very beginning. Install the new server on an isolated network so that no attack channels are open until the operating system's defenses are in place.

Early in the installation you will be asked to choose between FAT (File Allocation Table) and NTFS (New Technology File System). Choose NTFS for all disk drives. FAT is a relatively primitive file system designed for early operating systems. NTFS arrived with NT and provides security features not available in FAT, including Access Control Lists (ACLs) and file system journaling, which logs any changes to the file system. Next, install the latest Service Pack (SP2) and any available hotfixes. While many of the patches in the Service Pack are quite old, they fix several known vulnerabilities that can lead to threats such as denial of service attacks, remote code execution, and cross-site scripting.


After installing the system, you can move on to more detailed security work. The easiest way to harden Windows Server 2003 is to use the Security Configuration Wizard (SCW), which guides you through creating a security policy based on the role of the server on the network.

SCW is different from the Configure Your Server Wizard. SCW does not install server components; it monitors ports and services and configures registry and auditing settings. SCW is not installed by default, so you must add it through Add/Remove Programs in the Control Panel. Click "Add/Remove Windows Components" and select "Security Configuration Wizard"; the installation starts automatically. Once installed, SCW is available from Administrative Tools.

Security policies created through SCW are XML files and can configure services, network security, specific registry values, audit policies, and, where applicable, IIS. The configuration interface lets you create new security policies or edit existing ones and apply them to other servers on the network. If an applied policy causes a conflict or instability, you can roll it back.

SCW covers all the basics of Windows Server 2003 security. When you run the wizard, the first thing that appears is the Security Configuration Database, which contains all the roles, client features, management options, services, ports, and more. SCW also includes a broad knowledge base about applications. This means that when a selected server role requires an application (a client feature such as automatic updates, or a management application such as backup), the Windows Firewall automatically opens the required ports. The ports are blocked again automatically when the application is closed.

Network security settings, registry protocols, and Server Message Block (SMB) signing increase the security of critical server functions. The Outbound Authentication setting determines the level of authentication required to connect to external resources.

The final step in SCW concerns audit policy. By default, Windows Server 2003 audits only successful activities, but on a hardened system both successful and failed activities should be audited and logged. Once the wizard finishes, the resulting security policy is stored in an XML file and can be applied to the server immediately, saved for later use, or applied to other servers. Servers that were not hardened as the first step during installation can also have SCW installed afterwards.
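The apply-to-other-servers and rollback workflow described above can be scripted with scwcmd.exe, the command-line companion installed with SCW. This is an added example, not part of the original article; the policy path, report folder, server names and service list are hypothetical, and it assumes Windows PowerShell 2.0 or later and that scwcmd exits nonzero on failure.

```powershell
# Added example (not from the original article): apply one SCW policy to several
# servers with scwcmd.exe and roll back any server that looks unhealthy afterwards.
# Hypothetical values: policy path, report folder, server names, service list.
$policy    = 'C:\SCW\Policies\web-role.xml'
$reportDir = 'C:\SCW\Reports'
$servers   = 'WEB01', 'WEB02'
$mustRun   = 'W3SVC', 'LanmanServer'   # services this role cannot work without

function Test-RoleHealthy {
    param([string]$Server, [string[]]$Services)
    # Healthy only if every required service is still running after the change.
    foreach ($name in $Services) {
        $svc = Get-Service -ComputerName $Server -Name $name -ErrorAction SilentlyContinue
        if (-not $svc -or $svc.Status -ne 'Running') { return $false }
    }
    return $true
}

foreach ($server in $servers) {
    # 1. Report how far the server currently deviates from the policy.
    & scwcmd.exe analyze "/m:$server" "/p:$policy" "/o:$reportDir"

    # 2. Apply the policy. Assumption: scwcmd exits nonzero when it fails.
    & scwcmd.exe configure "/m:$server" "/p:$policy"
    $applied = ($LASTEXITCODE -eq 0)

    # 3. Undo the most recently applied policy if the server is no longer healthy.
    if (-not $applied -or -not (Test-RoleHealthy $server $mustRun)) {
        Write-Warning "$server : policy failed or broke a required service, rolling back"
        & scwcmd.exe rollback "/m:$server"
    } else {
        Write-Output "$server : policy applied, required services running"
    }
}
```

The service check is a deliberately simple stand-in for whatever health test fits the server's role; some policy settings only take effect after a restart, so repeat the check then.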


From the moment you press the server's power button until the operating system has started and all services are active, malicious activity still has a chance to damage the system. In addition to a hardened operating system, a healthy server should start with a password-protected BIOS/firmware. In the BIOS, the server's boot order should also be set correctly to prevent booting from other, unauthorized media.

Immediately after powering on the computer, press F2 to enter the BIOS setup page. Use Alt-P to move back and forth between the BIOS settings tabs. On the Boot Order tab, set the server's startup preference to Internal HDD. The Boot Order tab also offers three options for hard disk passwords: Primary, Administrative, and Hard.

Similarly, features that automatically run external media, including CDs, DVDs, and USB drives, should be disabled. In the registry, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom (or other device name) and set the Autorun value to 0. Autorun can automatically launch malicious applications carried on portable media, which makes it an easy way to install Trojans, backdoors, keyloggers, listeners and other malware (see Figure 4).
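The registry change above can be checked and applied from a script. This is an added example, not part of the original article; it goes one step beyond the text by also setting the NoDriveTypeAutoRun policy value, which covers USB and other drive types, and it assumes Windows PowerShell 2.0 or later in an elevated session.

```powershell
# Added example (not from the original article): audit and optionally fix
# autorun registry settings. Run from an elevated prompt.
param([switch]$Apply)   # without -Apply the script only reports

$settings = @(
    # From the article: AutoRun = 0 under the CD-ROM driver's service key.
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdrom'
       Name = 'AutoRun'; Want = 0 },
    # Added beyond the article: 0xFF turns Autorun off for every drive type.
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun'; Want = 0xFF }
)

function Get-AutorunState {
    param([hashtable]$Setting)
    # A missing key or value is reported as Current = $null (not compliant).
    $prop = Get-ItemProperty -Path $Setting.Path -Name $Setting.Name -ErrorAction SilentlyContinue
    $current = $null
    if ($prop) { $current = $prop.($Setting.Name) }
    New-Object PSObject -Property @{
        Key       = $Setting.Path
        Value     = $Setting.Name
        Current   = $current
        Wanted    = $Setting.Want
        Compliant = ($current -eq $Setting.Want)
    }
}

foreach ($s in $settings) {
    $state = Get-AutorunState $s
    if (-not $state.Compliant -and $Apply) {
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        # -Force overwrites an existing value; both values are stored as DWORDs.
        New-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Want -PropertyType DWord -Force | Out-Null
        $state = Get-AutorunState $s   # re-read to confirm the write
    }
    $state | Select-Object Key, Value, Current, Wanted, Compliant
}
```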

The next line of defense is how users log in to the system. Although alternative authentication technologies such as biometrics, tokens, smart cards, and one-time passwords can be used to protect Windows Server 2003 systems, many system administrators, whether local or remote, use a username and password combination to log in to the server. Too often they use the default password, which is obviously asking for trouble.
