As a result of security and new application requirements, more and more organizations are now deploying servers based on Windows Server 2008 platforms, and even some individual users are using the system. I understand that in the face of a relatively unfamiliar server system, administrators are most concerned about the implementation of the system platform smoothing and how to deploy security. The following author combines his own experience to talk about the security deployment of Windows Server 2008 from six aspects.
1. Security deployment starts from installation
To create a strong and secure server, you must focus on the security of every detail from the first installation, and of course the deployment of Windows Server 2008 is no exception. The new server should be installed in an isolated network, eliminating all possible avenues of attack until the operating system's defenses are complete. In the initial steps of starting the installation, we will be asked to choose between fat (file allocation table) and NTFS (new technology file system). At this point, you must select the NTFS format for all disk drives. Fat is a relatively original file system that is not counted for an earlier operating system. With the advent of NT, NTFS can provide security features that are not available in fat, including access control lists (access Controls Lists, ACLs), and file system logs (Files systemjoumaling). File system log records any changes to the file system. Next, we need to install the latest service Pack (SP2) and any available hot fixes. Although many of the patches in the service pack are quite old, they can fix a number of known threats, such as denial of service attacks, remote code execution, and Cross-site scripting.
2. Configuring security Policy via SCW
After installing the system, we can sit down and do some more detailed security work. The easiest way to improve Windows Server 2008 immunity is to use the Server Configuration Wizard, Server Configuration Wizard, SCW, for security deployment. It instructs us to create a secure policy based on the role of the server on the network.
(1). Installation of SCW
It is necessary to note that SCW is different from the Configuration Service Wizard (Configure Your Server wizafd). SCW does not install server components, but monitors ports and services, and configures registration and auditing settings. SCW is not installed by default, so we have to add it through the Add/Remove Programs window in Control Panel. The installation process starts automatically when you select the Add/Remove Windows Components button and select the Security Configuration Wizard. Once installed, SCW can be accessed from the administrative tools.
(2). Configure security Policy with SCW
The security policy created through SCW is in the XML file format and can be used to configure services, network security, specific registry values, audit policies, and even if possible, to configure IIS. By configuring the interface, you can create new security policies, or edit existing policies and apply them to other servers on your network. If a policy created by an action creates a conflict or instability, then we can roll back the operation.
As you can say, SCW covers all the essentials of Windows Server 2008 security. Running the wizard starts with the Security configuration database, which contains all the roles, client features, management options, services, and F1, and so on. Configuration SCW also contains a broad knowledge base of application knowledge. This means that when a selected server role requires an application, client features such as Automatic Updates or administrative applications such as backup Windows automatically open the required ports. When the application shuts down, the port is automatically blocked. Network security settings, registry protocols, and server message blocks (ServerMessage block, SMB) signing security increase the availability of critical server functionality. The external authentication (outbound authentication) setting determines the level of authentication required to connect to external resources.
The final step of SCW is related to the audit policy. By default, WindowsServer 2008 audits only successful activities, but for a strengthened version of the system, both successful and failed activities should be audited and logged. Once the wizard executes
When completed, an umbrella strategy is created that is stored in an XML and can be used immediately by the server, or for later use, or even used by other servers. SCW can also be installed on servers that do not have the first step hardening process during server Setup.