Shutting down unnecessary services, ports, and accounts makes Windows Server 2003 impregnable.
Hackers typically gain access to servers through unused (unconfigured or insecure) ports and services, such as Internet Information Services (IIS). To limit these entry points, server hardening includes blocking unused ports and protocols and disabling unnecessary services. Microsoft's recently released Windows Server 2008 may be a concern, but most organizations still use Server 2003 until Microsoft stops supporting it. Although Server 2003 is neither the newest nor the most powerful release, you can maintain a better security posture by taking some simple but necessary steps to harden your system.
1. Consider security issues from the start
Building a hardened server means applying the security process from the initial installation onward. Until the operating system has been hardened, the new computer should be installed on a separate network to guard against hostile traffic reaching it.
In the first few steps of installation, you will be asked to choose between FAT (File Allocation Table) and NTFS (New Technology File System). Select NTFS in every case. FAT is the original file system that Microsoft designed for its early operating systems. NTFS was introduced with Windows NT and provides a number of security features that FAT cannot, including access control lists (ACLs) and file system journaling, in which changes are recorded in a log before they are committed to the main file system. Next, apply the latest service pack (SP2) and any available patches. Although many of the patches in the service pack are relatively old, they cover a number of well-known vulnerabilities that attackers can exploit, such as denial-of-service attacks, remote code execution, and cross-site scripting attacks.
2. Setting Security Policy
Now you are ready to start the serious work. The easiest way to harden Windows Server 2003 is to take advantage of the Security Configuration Wizard (SCW), which helps you create a security policy based specifically on the roles of the servers in your network.
The Security Configuration Wizard lets you set server roles, client features, services and ports, and administration options. Selecting these options enables the appropriate ports and services.
SCW differs from the Configure Your Server Wizard. SCW does not install server components, but it can detect ports and services and configure registry and auditing settings. SCW is not installed by default, so you must add it through Add/Remove Programs in Control Panel. Click the Add/Remove Windows Components button and select Security Configuration Wizard (SCW). Once it is installed, you can start SCW from Administrative Tools.
SCW creates a security policy in the form of an XML file that configures services, network security, specific registry values, audit policy, and, where appropriate, IIS. Through the wizard's interface you can create new security policies, review existing policies, or apply them to other servers on your network. If a new policy causes a conflict or instability, you can roll the server back to its original state.
SCW covers all aspects of Server 2003 security. The wizard begins with the Security Configuration Database, which contains information about all roles, client features, administration options, services, and ports. There is also a detailed knowledge base for applications. This means that when a selected server role requires an application, such as a client feature like Automatic Updates or an administration program like file backup, Windows Firewall opens the necessary ports. When the application shuts down, the ports are closed automatically.
Security settings for network and registry protocols, as well as Server Message Block (SMB) security signatures, strengthen the protection of the server's primary roles. For connections to external resources, the outbound authentication setting determines the level of authentication required.
You can also set up audit policies in the Security Configuration Wizard. All successful and failed activities should be audited and logged.
The final step of SCW covers audit policy (see Figure 2 above). By default, Server 2003 audits only successful activities, but on a hardened system all successful and failed activities should be audited and logged. Once the wizard completes, the security policy is stored as an XML file that can be applied to the server immediately, saved for later use, or applied to other servers. Need to go back to a server that was not hardened at installation time? SCW can also be installed and run on an existing server.
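
The steps described above (applying a saved policy to other servers, and rolling back a policy that causes conflicts) can also be run from the command line with scwcmd, the command-line tool installed together with SCW. The batch file below is an added example, not part of the original article; the policy path, results directory, and server names are placeholders.

```bat
@echo off
rem Added example (not from the original article): analyze, apply, or roll
rem back an SCW policy on several servers with scwcmd.
rem ASSUMPTIONS: the policy path, results directory, and server names below
rem are placeholders; replace them with your own values.
setlocal
set POLICY=C:\SCW\Policies\role-policy.xml
set RESULTS=C:\SCW\Results
set SERVERS=SERVER-PLACEHOLDER-1 SERVER-PLACEHOLDER-2

if /i "%~1"=="rollback" goto rollback
if not exist "%POLICY%" (
    echo Policy file not found: %POLICY%
    exit /b 1
)
if /i "%~1"=="analyze" goto analyze
if /i "%~1"=="apply"   goto apply
echo Usage: %~nx0 analyze ^| apply ^| rollback
exit /b 1

:analyze
rem Compare each server with the policy without changing anything.
rem The analysis results are written to %RESULTS% for review.
if not exist "%RESULTS%" mkdir "%RESULTS%"
for %%S in (%SERVERS%) do (
    echo Analyzing %%S against %POLICY%
    scwcmd analyze /m:%%S /p:%POLICY% /o:%RESULTS%
)
goto :eof

:apply
rem Apply the policy to each server. Run "analyze" first and review
rem the results before making changes.
for %%S in (%SERVERS%) do (
    echo Applying %POLICY% to %%S
    scwcmd configure /m:%%S /p:%POLICY%
)
goto :eof

:rollback
rem Undo the most recently applied SCW policy on each server.
for %%S in (%SERVERS%) do (
    echo Rolling back %%S
    scwcmd rollback /m:%%S
)
goto :eof
```

Run the analyze mode and review the results before the apply mode, and keep the rollback mode for a policy that causes a conflict or instability.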