SlideShare a Scribd company logo

Windows server hardening 1

F
Frank Avila Zapata

Windows server

Technology
1 of 10
Download to read offline
Windows Server Hardening Checklist
3 3 4 4 5 6 7 8 8 8 9 Table of Contents Organizational Security Windows Server Preparation Windows Server Installation User Account Security Hardening Network Security Configuration Registry Security Configuration General Security Settings Audit Policy Settings Software Security Guide Finalization About Netwrix 2
Organizational Security Windows Server hardening involves identifying and remediating security vulnerabilities. Here are the top Windows Server hardening best practices you can implement immediately to reduce the risk of attackers compromising your critical systems and data. Maintain an inventory record for each server that clearly documents its baseline configuration and records each change to the server. 3 Thoroughly test and validate every proposed change to server hardware or software before making the change in the production environment. Regularly perform a risk assessment. Use the results to update your risk management plan and maintain a prioritized list of all servers to ensure that security vulnerabilities are fixed in a timely manner. Keep all servers at the same revision level. Windows Server Preparation Protect newly installed machines from hostile network traffic until the operating system is installed and hardened. Harden each new server in a DMZ network that is not open to the internet. Set a BIOS/firmware password to prevent unauthorized changes to the server startup settings. Disable automatic administrative logon to the recovery console. Configure the device boot order to prevent unauthorized booting from alternate media.
Windows Server Installation Ensure the system does not shut down during installation. 4 Use the Security Configuration Wizard to create a system configuration based on the specific role that is needed. Ensure that all appropriate patches, hotfixes and service packs are applied promptly. Security patches resolve known vulnerabilities that attackers could otherwise exploit to compromise a system. After you install Windows Server, immediately update it with the latest patches via WSUS or SCCM. Enable automatic notification of patch availability. Whenever a patch is released, it should be analyzed, tested and applied in a timely manner using WSUS or SCCM. User Account Security Hardening Ensure your administrative and system passwords meet password best practices. In particular, verify that privileged account passwords are not be based on a dictionary word and are at least 15 characters long, with letters, numbers, special characters and invisible (CTRL ˆ ) characters interspersed throughout. Ensure that all passwords are changed every 90 days. Configure account lockout Group Policy according to account lockout best practices. Disallow users from creating and logging in with Microsoft accounts. Disable the guest account. Do not allow “everyone” permissions to apply to anonymous users. Do not allow anonymous enumeration of SAM accounts and shares. Disable anonymous SID/Name translation. Promptly disable or delete unused user accounts.
Network Security Configuration Enable the Windows firewall in all profiles (domain, private, public) and configure it to block inbound traffic by default. 5 Perform port blocking at the network setting level. Perform an analysis to determine which ports need to be open and restrict access to all other ports. Restrict the ability to access each computer from the network to Authenticated Users only. Do not grant any users the 'act as part of the operating system' right. Deny guest accounts the ability to log on as a service, a batch job, locally or via RDP. If RDP is utilized, set the RDP connection encryption level to high. Remove Enable LMhosts lookup. Disable NetBIOS over TCP/IP. Remove ncacn_ip_tcp. Disable the sending of unencrypted passwords to third-party SMB servers. Do not allow any shares to be accessed anonymously. Allow Local System to use computer identity for NTLM. Disable Local System NULL session fallback. Configure allowable encryption types for Kerberos. Do not store LAN Manager hash values. Set the LAN Manager authentication level to allow only NTLMv2 and refuse LM and NTLM. Configure both the Microsoft Network Client and the Microsoft Network Server to always digitally sign communications. Remove file and print sharing from network settings. File and print sharing could allow anyone to connect to a server and access critical data without requiring a user ID or password.
Registry Security Configuration Ensure that all administrators take the time to thoroughly understand how the registry functions and the purpose of each of its various keys. Many of the vulnerabilities in the Windows operating system can be fixed by changing specific keys, as detailed below. 6 Configure registry permissions. Protect the registry from anonymous access. Disallow remote registry access if not required. Set MaxCachedSockets (REG_DWORD) to 0. Set SmbDeviceEnabled (REG_DWORD) to 0. Set AutoShareServer to 0. Set AutoShareWks to 0. Delete all value data INSIDE the NullSessionPipes key. Delete all value data INSIDE the NullSessionShares key.
General Security Settings Disable unneeded services. Most servers have the default install of the operating system, which often contains extraneous services that are not needed for the system to function and that represent a security vulnerability. Therefore, it is critical to remove all unnecessary services from the system. 7 Remove unneeded Windows components. Any unnecessary Windows components should be removed from critical systems to keep the servers in a secure state. Enable the built-in Encrypting File System (EFS) with NTFS or BitLocker on Windows Server. Require Ctrl+Alt+Del for interactive logins. Configure a machine inactivity limit to protect idle interactive sessions. Ensure all volumes are using the NTFS file system. Set the system date/time and configure it to synchronize against domain time servers. Configure a screen saver to lock the console's screen automatically if it is left unattended. If the workstation has significant random access memory (RAM), disable the Windows swapfile. This will increase performance and security because no sensitive data can be written to the hard drive. Do not use AUTORUN. Otherwise, untrusted code can be run without the direct knowledge of the user; for example, attackers might put a CD into the machine and cause their own script to run. Configure Local File/folder permissions. Another important but often overlooked security procedure is to lock down the file-level permissions for the server. By default, Windows does not apply specific restrictions on any local files or folders; the Everyone group is given full permissions to most of the machine. Remove this group and instead grant access to files and folders using role-based groups based on the least-privilege principle. Every attempt should be made to remove Guest, Everyone and ANONYMOUS LOGON from the user rights lists. With this configuration Windows will be more secure. Display a legal notice like the following before the user logs in: “Unauthorized use of this computer and networking resources is prohibited…”
Audit Policy Settings Enable Audit policy according to audit policy best practices. Windows audit policy defines what types of events are written in the Security logs of your Windows servers. 8 Configure the Event Log retention method to overwrite as needed and size up to 4GB. Configure log shipping to SIEM for monitoring. Software Security Guide Install and enable anti-virus software. Configure it to update daily. Install and enable anti-spyware software. Configure it to update daily. Install software to check the integrity of critical operating system files. Windows has a feature called Windows Resource Protection that automatically checks certain key files and replaces them if they become corrupted. Finalization Make an image of each OS using GHOST or Clonezilla to simplify further Windows Server installation and hardening. Enter your Windows Server 2016/2012/2008/2003 license key. Enter the server into the domain and apply your domain group policies.
Netwrix Corporation is a software company focused exclusively on providing IT security and operations teams with pervasive visibility into user behavior, system configurations and data sensitivity across hybrid IT infrastructures to protect data regardless of its location. Over 9,000 organizations worldwide rely on Netwrix to detect and proactively mitigate data security threats, pass compliance audits with less effort and expense, and increase the productivity of their IT teams. Founded in 2006, Netwrix has earned more than 140 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S. For more information about Netwrix, visit www.netwrix.com. netwrix.com/social Corporate Headquarters: 300 Spectrum Center Drive, Suite 200, Irvine, CA 92618 Phone: 1-949-407-5125 Toll-free: 888-638-9749 EMEA: +44 (0) 203-588-3023 About Netwrix
Harden the Security of Your Windows-Based Server Infrastructure with Netwrix Auditor Investigate suspicious changes made to your server objects and settings Detect critical security events before they result in a breach Limit your attack surface by regularly reviewing server configurations for deviations from a known good baseline Download Free 20-Day Trial

Recommended

Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Programdavidcurriecia
 
DNS spoofing/poisoning Attack
DNS spoofing/poisoning AttackDNS spoofing/poisoning Attack
DNS spoofing/poisoning AttackFatima Qayyum
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPSSantosh Khadsare
 
Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Umesh Mahawar
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 

Recommended

Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Programdavidcurriecia
 
DNS spoofing/poisoning Attack
DNS spoofing/poisoning AttackDNS spoofing/poisoning Attack
DNS spoofing/poisoning AttackFatima Qayyum
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPSSantosh Khadsare
 
Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Umesh Mahawar
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
Nessus Software
Nessus SoftwareNessus Software
Nessus SoftwareMegha Sahu
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionUmesh Dhital
 
Basic malware analysis
Basic malware analysisBasic malware analysis
Basic malware analysissecurityxploded
 
Next Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMNext Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMBGA Cyber Security
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and SecurityNoushad Hasan
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Ceh v5 module 04 enumeration
Ceh v5 module 04 enumerationCeh v5 module 04 enumeration
Ceh v5 module 04 enumerationVi Tính Hoàng Nam
 
Module 4 Enumeration
Module 4 EnumerationModule 4 Enumeration
Module 4 Enumerationleminhvuong
 
Android Device Hardening
Android Device HardeningAndroid Device Hardening
Android Device Hardeninganupriti
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by FortinetAtlantic Training, LLC.
 
DNS - Domain Name System
DNS - Domain Name SystemDNS - Domain Name System
DNS - Domain Name SystemPeter R. Egli
 
Need of SIEM when You have SOAR
Need of SIEM when You have SOARNeed of SIEM when You have SOAR
Need of SIEM when You have SOARSiemplify
 
Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitRaghav Bisht
 
Honeypots.ppt1800363876
Honeypots.ppt1800363876Honeypots.ppt1800363876
Honeypots.ppt1800363876Momita Sharma
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection SystemMohit Belwal
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
SIEM POC Assessment.pdf
SIEM POC Assessment.pdfSIEM POC Assessment.pdf
SIEM POC Assessment.pdfReZa AdineH
 
DDoS ATTACKS
DDoS ATTACKSDDoS ATTACKS
DDoS ATTACKSAnil Antony
 
Host Based Security Best Practices
Host Based Security Best PracticesHost Based Security Best Practices
Host Based Security Best Practiceswebhostingguy
 
Operations: Security
Operations: SecurityOperations: Security
Operations: SecurityAmazon Web Services
 

More Related Content

What's hot

Nessus Software
Nessus SoftwareNessus Software
Nessus SoftwareMegha Sahu
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionUmesh Dhital
 
Next Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMNext Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMBGA Cyber Security
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and SecurityNoushad Hasan
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Module 4 Enumeration
Module 4 EnumerationModule 4 Enumeration
Module 4 Enumerationleminhvuong
 
Android Device Hardening
Android Device HardeningAndroid Device Hardening
Android Device Hardeninganupriti
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
DNS - Domain Name System
DNS - Domain Name SystemDNS - Domain Name System
DNS - Domain Name SystemPeter R. Egli
 
Need of SIEM when You have SOAR
Need of SIEM when You have SOARNeed of SIEM when You have SOAR
Need of SIEM when You have SOARSiemplify
 
Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitRaghav Bisht
 
Honeypots.ppt1800363876
Honeypots.ppt1800363876Honeypots.ppt1800363876
Honeypots.ppt1800363876Momita Sharma
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection SystemMohit Belwal
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
SIEM POC Assessment.pdf
SIEM POC Assessment.pdfSIEM POC Assessment.pdf
SIEM POC Assessment.pdfReZa AdineH
 

What's hot (20)

Nessus Software
Nessus SoftwareNessus Software
Nessus Software
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Basic malware analysis
Basic malware analysisBasic malware analysis
Basic malware analysis
 
Next Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMNext Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAM
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and Security
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Ceh v5 module 04 enumeration
Ceh v5 module 04 enumerationCeh v5 module 04 enumeration
Ceh v5 module 04 enumeration
 
Module 4 Enumeration
Module 4 EnumerationModule 4 Enumeration
Module 4 Enumeration
 
Android Device Hardening
Android Device HardeningAndroid Device Hardening
Android Device Hardening
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
DNS - Domain Name System
DNS - Domain Name SystemDNS - Domain Name System
DNS - Domain Name System
 
Need of SIEM when You have SOAR
Need of SIEM when You have SOARNeed of SIEM when You have SOAR
Need of SIEM when You have SOAR
 
Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & Metasploit
 
Honeypots.ppt1800363876
Honeypots.ppt1800363876Honeypots.ppt1800363876
Honeypots.ppt1800363876
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
SIEM POC Assessment.pdf
SIEM POC Assessment.pdfSIEM POC Assessment.pdf
SIEM POC Assessment.pdf
 
DDoS ATTACKS
DDoS ATTACKSDDoS ATTACKS
DDoS ATTACKS
 

Similar to Windows server hardening 1

Host Based Security Best Practices
Host Based Security Best PracticesHost Based Security Best Practices
Host Based Security Best Practiceswebhostingguy
 
Deployment websese
Deployment webseseDeployment websese
Deployment websesethanglx
 
Operations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyOperations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyAmazon Web Services
 
Planning Optimal Lotus Quickr services for Portal (J2EE) Deployments
Planning Optimal Lotus Quickr services for Portal (J2EE) DeploymentsPlanning Optimal Lotus Quickr services for Portal (J2EE) Deployments
Planning Optimal Lotus Quickr services for Portal (J2EE) DeploymentsStuart McIntyre
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討Timothy Chen
 
Start Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best PraticesStart Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best PraticesAmazon Web Services
 
Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramBeyondTrust
 
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara
 
Ch08 Microsoft Operating System Vulnerabilities
Ch08 Microsoft Operating System VulnerabilitiesCh08 Microsoft Operating System Vulnerabilities
Ch08 Microsoft Operating System Vulnerabilitiesphanleson
 
Microsoft Operating System Vulnerabilities
Microsoft Operating System VulnerabilitiesMicrosoft Operating System Vulnerabilities
Microsoft Operating System VulnerabilitiesInformation Technology
 
Microsoft OS Vulnerabilities
Microsoft OS VulnerabilitiesMicrosoft OS Vulnerabilities
Microsoft OS VulnerabilitiesSecurityTube.Net
 
Ethical hacking chapter 8 - Windows Vulnerabilities - Eric Vanderburg
Ethical hacking chapter 8 - Windows Vulnerabilities - Eric VanderburgEthical hacking chapter 8 - Windows Vulnerabilities - Eric Vanderburg
Ethical hacking chapter 8 - Windows Vulnerabilities - Eric VanderburgEric Vanderburg
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideHarris Andrea
 
Desktop and server securityse
Desktop and server securityseDesktop and server securityse
Desktop and server securityseAppin Ara
 

Similar to Windows server hardening 1 (20)

Host Based Security Best Practices
Host Based Security Best PracticesHost Based Security Best Practices
Host Based Security Best Practices
 
Operations: Security
Operations: SecurityOperations: Security
Operations: Security
 
Returnil 2010
Returnil 2010Returnil 2010
Returnil 2010
 
Deployment websese
Deployment webseseDeployment websese
Deployment websese
 
Operations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyOperations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your Company
 
Planning Optimal Lotus Quickr services for Portal (J2EE) Deployments
Planning Optimal Lotus Quickr services for Portal (J2EE) DeploymentsPlanning Optimal Lotus Quickr services for Portal (J2EE) Deployments
Planning Optimal Lotus Quickr services for Portal (J2EE) Deployments
 
MBESProductSheet (1)
MBESProductSheet (1)MBESProductSheet (1)
MBESProductSheet (1)
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討
 
Start Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best PraticesStart Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best Pratices
 
Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management Program
 
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
 
Ch08 Microsoft Operating System Vulnerabilities
Ch08 Microsoft Operating System VulnerabilitiesCh08 Microsoft Operating System Vulnerabilities
Ch08 Microsoft Operating System Vulnerabilities
 
Microsoft Operating System Vulnerabilities
Microsoft Operating System VulnerabilitiesMicrosoft Operating System Vulnerabilities
Microsoft Operating System Vulnerabilities
 
Microsoft OS Vulnerabilities
Microsoft OS VulnerabilitiesMicrosoft OS Vulnerabilities
Microsoft OS Vulnerabilities
 
Ethical hacking chapter 8 - Windows Vulnerabilities - Eric Vanderburg
Ethical hacking chapter 8 - Windows Vulnerabilities - Eric VanderburgEthical hacking chapter 8 - Windows Vulnerabilities - Eric Vanderburg
Ethical hacking chapter 8 - Windows Vulnerabilities - Eric Vanderburg
 
How to configure esx to pass an audit
How to configure esx to pass an auditHow to configure esx to pass an audit
How to configure esx to pass an audit
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening Guide
 
Vulnerability Assessment Report
Vulnerability Assessment ReportVulnerability Assessment Report
Vulnerability Assessment Report
 
Desktop and server securityse
Desktop and server securityseDesktop and server securityse
Desktop and server securityse
 
Desktop and Server Security
Desktop and Server SecurityDesktop and Server Security
Desktop and Server Security
 

More from Frank Avila Zapata

pulsar-160-ns-fi-sd-td_compressed_compressed (1).pdf
pulsar-160-ns-fi-sd-td_compressed_compressed (1).pdfpulsar-160-ns-fi-sd-td_compressed_compressed (1).pdf
pulsar-160-ns-fi-sd-td_compressed_compressed (1).pdfFrank Avila Zapata
 

More from Frank Avila Zapata (8)

40_Dias_prueba_de_fuego.pdf
40_Dias_prueba_de_fuego.pdf40_Dias_prueba_de_fuego.pdf
40_Dias_prueba_de_fuego.pdf
 
Introducción.pdf
Introducción.pdfIntroducción.pdf
Introducción.pdf
 
pulsar-160-ns-fi-sd-td_compressed_compressed (1).pdf
pulsar-160-ns-fi-sd-td_compressed_compressed (1).pdfpulsar-160-ns-fi-sd-td_compressed_compressed (1).pdf
pulsar-160-ns-fi-sd-td_compressed_compressed (1).pdf
 
0195-plsql-basico.pdf
0195-plsql-basico.pdf0195-plsql-basico.pdf
0195-plsql-basico.pdf
 
Excel para estad
Excel para estadExcel para estad
Excel para estad
 
Ft 5-elem-lona-2
Ft 5-elem-lona-2Ft 5-elem-lona-2
Ft 5-elem-lona-2
 
Ficha hh
Ficha hhFicha hh
Ficha hh
 
015 trabajos en caliente rev1
015 trabajos en caliente rev1015 trabajos en caliente rev1
015 trabajos en caliente rev1
 

Recently uploaded

Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 

Recently uploaded (20)

Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 

Windows server hardening 1

  • 2. 3 3 4 4 5 6 7 8 8 8 9 Table of Contents Organizational Security Windows Server Preparation Windows Server Installation User Account Security Hardening Network Security Configuration Registry Security Configuration General Security Settings Audit Policy Settings Software Security Guide Finalization About Netwrix 2
  • 3. Organizational Security Windows Server hardening involves identifying and remediating security vulnerabilities. Here are the top Windows Server hardening best practices you can implement immediately to reduce the risk of attackers compromising your critical systems and data. Maintain an inventory record for each server that clearly documents its baseline configuration and records each change to the server. 3 Thoroughly test and validate every proposed change to server hardware or software before making the change in the production environment. Regularly perform a risk assessment. Use the results to update your risk management plan and maintain a prioritized list of all servers to ensure that security vulnerabilities are fixed in a timely manner. Keep all servers at the same revision level. Windows Server Preparation Protect newly installed machines from hostile network traffic until the operating system is installed and hardened. Harden each new server in a DMZ network that is not open to the internet. Set a BIOS/firmware password to prevent unauthorized changes to the server startup settings. Disable automatic administrative logon to the recovery console. Configure the device boot order to prevent unauthorized booting from alternate media.
  • 4. Windows Server Installation Ensure the system does not shut down during installation. 4 Use the Security Configuration Wizard to create a system configuration based on the specific role that is needed. Ensure that all appropriate patches, hotfixes and service packs are applied promptly. Security patches resolve known vulnerabilities that attackers could otherwise exploit to compromise a system. After you install Windows Server, immediately update it with the latest patches via WSUS or SCCM. Enable automatic notification of patch availability. Whenever a patch is released, it should be analyzed, tested and applied in a timely manner using WSUS or SCCM. User Account Security Hardening Ensure your administrative and system passwords meet password best practices. In particular, verify that privileged account passwords are not be based on a dictionary word and are at least 15 characters long, with letters, numbers, special characters and invisible (CTRL ˆ ) characters interspersed throughout. Ensure that all passwords are changed every 90 days. Configure account lockout Group Policy according to account lockout best practices. Disallow users from creating and logging in with Microsoft accounts. Disable the guest account. Do not allow “everyone” permissions to apply to anonymous users. Do not allow anonymous enumeration of SAM accounts and shares. Disable anonymous SID/Name translation. Promptly disable or delete unused user accounts.
  • 5. Network Security Configuration Enable the Windows firewall in all profiles (domain, private, public) and configure it to block inbound traffic by default. 5 Perform port blocking at the network setting level. Perform an analysis to determine which ports need to be open and restrict access to all other ports. Restrict the ability to access each computer from the network to Authenticated Users only. Do not grant any users the 'act as part of the operating system' right. Deny guest accounts the ability to log on as a service, a batch job, locally or via RDP. If RDP is utilized, set the RDP connection encryption level to high. Remove Enable LMhosts lookup. Disable NetBIOS over TCP/IP. Remove ncacn_ip_tcp. Disable the sending of unencrypted passwords to third-party SMB servers. Do not allow any shares to be accessed anonymously. Allow Local System to use computer identity for NTLM. Disable Local System NULL session fallback. Configure allowable encryption types for Kerberos. Do not store LAN Manager hash values. Set the LAN Manager authentication level to allow only NTLMv2 and refuse LM and NTLM. Configure both the Microsoft Network Client and the Microsoft Network Server to always digitally sign communications. Remove file and print sharing from network settings. File and print sharing could allow anyone to connect to a server and access critical data without requiring a user ID or password.
  • 6. Registry Security Configuration Ensure that all administrators take the time to thoroughly understand how the registry functions and the purpose of each of its various keys. Many of the vulnerabilities in the Windows operating system can be fixed by changing specific keys, as detailed below. 6 Configure registry permissions. Protect the registry from anonymous access. Disallow remote registry access if not required. Set MaxCachedSockets (REG_DWORD) to 0. Set SmbDeviceEnabled (REG_DWORD) to 0. Set AutoShareServer to 0. Set AutoShareWks to 0. Delete all value data INSIDE the NullSessionPipes key. Delete all value data INSIDE the NullSessionShares key.
  • 7. General Security Settings Disable unneeded services. Most servers have the default install of the operating system, which often contains extraneous services that are not needed for the system to function and that represent a security vulnerability. Therefore, it is critical to remove all unnecessary services from the system. 7 Remove unneeded Windows components. Any unnecessary Windows components should be removed from critical systems to keep the servers in a secure state. Enable the built-in Encrypting File System (EFS) with NTFS or BitLocker on Windows Server. Require Ctrl+Alt+Del for interactive logins. Configure a machine inactivity limit to protect idle interactive sessions. Ensure all volumes are using the NTFS file system. Set the system date/time and configure it to synchronize against domain time servers. Configure a screen saver to lock the console's screen automatically if it is left unattended. If the workstation has significant random access memory (RAM), disable the Windows swapfile. This will increase performance and security because no sensitive data can be written to the hard drive. Do not use AUTORUN. Otherwise, untrusted code can be run without the direct knowledge of the user; for example, attackers might put a CD into the machine and cause their own script to run. Configure Local File/folder permissions. Another important but often overlooked security procedure is to lock down the file-level permissions for the server. By default, Windows does not apply specific restrictions on any local files or folders; the Everyone group is given full permissions to most of the machine. Remove this group and instead grant access to files and folders using role-based groups based on the least-privilege principle. Every attempt should be made to remove Guest, Everyone and ANONYMOUS LOGON from the user rights lists. With this configuration Windows will be more secure. Display a legal notice like the following before the user logs in: “Unauthorized use of this computer and networking resources is prohibited…”
  • 8. Audit Policy Settings Enable Audit policy according to audit policy best practices. Windows audit policy defines what types of events are written in the Security logs of your Windows servers. 8 Configure the Event Log retention method to overwrite as needed and size up to 4GB. Configure log shipping to SIEM for monitoring. Software Security Guide Install and enable anti-virus software. Configure it to update daily. Install and enable anti-spyware software. Configure it to update daily. Install software to check the integrity of critical operating system files. Windows has a feature called Windows Resource Protection that automatically checks certain key files and replaces them if they become corrupted. Finalization Make an image of each OS using GHOST or Clonezilla to simplify further Windows Server installation and hardening. Enter your Windows Server 2016/2012/2008/2003 license key. Enter the server into the domain and apply your domain group policies.
  • 9. Netwrix Corporation is a software company focused exclusively on providing IT security and operations teams with pervasive visibility into user behavior, system configurations and data sensitivity across hybrid IT infrastructures to protect data regardless of its location. Over 9,000 organizations worldwide rely on Netwrix to detect and proactively mitigate data security threats, pass compliance audits with less effort and expense, and increase the productivity of their IT teams. Founded in 2006, Netwrix has earned more than 140 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S. For more information about Netwrix, visit www.netwrix.com. netwrix.com/social Corporate Headquarters: 300 Spectrum Center Drive, Suite 200, Irvine, CA 92618 Phone: 1-949-407-5125 Toll-free: 888-638-9749 EMEA: +44 (0) 203-588-3023 About Netwrix
  • 10. Harden the Security of Your Windows-Based Server Infrastructure with Netwrix Auditor Investigate suspicious changes made to your server objects and settings Detect critical security events before they result in a breach Limit your attack surface by regularly reviewing server configurations for deviations from a known good baseline Download Free 20-Day Trial