Windows 2008 Server Security Consolidation several considerations _win Server

First, the System information

View System version	Windows Server 2008 R2 Enterprise
Use	VPN server
View Host Name
View network Configuration

Second, antivirus software management

2.1 Kill Soft Installation

Purpose of Operation	Prevent Trojan and Virus harm program
Check method	Check to see if the system kill soft service is started.
Reinforcement method	Install antivirus software, turn on real-time monitoring, set appropriate monitoring level, and set password for kill soft.
Whether to implement
Note

Third, Patch management

3.1 Patch Installation

Purpose of Operation	Install system patches, patch vulnerabilities
Check method	Scan using the leak-sweeping tool.
Reinforcement method	Use tools to automate patching.
Whether to implement
Note

Four, the account password

4.1 Optimization Account

Purpose of Operation	Reduce system useless account, reduce risk
Check method	"Win+r" button Up "Run"->compmgmt.msc (Computer Management)-> Local Users and groups to see if there are no unused accounts, the system account is the correct group and the Guest account is locked
Reinforcement method	Use the net user Username/del command to delete an account Use the "NET user username/active:no" command to lock an account
Whether to implement
Note	Check the registry to prevent shadow accounts.

4.2 Password Policy

Purpose of Operation	Increase password complexity and locking strategy to reduce the likelihood of brute force cracking
Check method	The "Win+r" key calls up the "run"->secpol.msc (local Security Policy)-> security settings
Reinforcement method	1, account strategy-> password Policy Passwords must meet complexity requirements: enable Minimum password length: 8 characters Minimum password Age: 0 days Maximum password Age: 90 days Enforce password history: a remember Password To store passwords with reversible encryption: disabled 2, Account set-> account lockout policy Account lockout time: 30 minutes Account lockout threshold: 5 times Invalid Login Reset account lockout counter: 30 minutes 3, Local policy-> security options Interactive logon: Do not display the last username: Enabled
Whether to implement
Note	The "Win+r" key calls up "run"->gpupdate/force takes effect immediately

V. Network Services

5.1 Optimization Service

Purpose of Operation	Turn off unwanted services and reduce risk
Check method	The "Win+r" key calls up "run"->services.msc
Reinforcement method	The following services are changed manually COM + Event System DHCP Client Diagnostic Policy Service Distributed Transaction Coordinator DNS Client Distributed Link Tracking Client Remote Registry Print Spooler Server (can be closed without file sharing) Shell Hardware Detection TCP/IP NetBIOS Helper Windows Update
Whether to implement
Note	Disabling services requires caution, especially for remote computers

5.2 Turn off sharing

Purpose of Operation	Turn off default sharing
Check method	"Win+r" button Up "Run"->cmd.exe->net share, view share
Reinforcement method	Turn off default shares such as c$,d$ "Win+r" Key Call "Run"->regedit-> find Hkey_local_machine\system\currentcontrolset\services\lanmanserver\parameters, New AutoShareServer (REG_DWORD) with a key value of 0
Whether to implement
Note

5.3 Network restrictions

Purpose of Operation	Network access Restrictions
Check method	The "Win+r" key calls up "run"->secpol.msc-> security Settings-> Local policy-> security options
Reinforcement method	Network access: Do not allow anonymous enumeration of SAM accounts: Enabled Network access: Do not allow anonymous enumeration of SAM accounts and shares: Enabled Network access: Apply Everyone permissions to anonymous users: Disabled Account: Local account with null password allows only console logon: Enabled
Whether to implement
Note	The "Win+r" key calls up "run"->gpupdate/force takes effect immediately

Vi. File System

6.1 Using NTFS

Purpose of Operation	Enhance file system security
Check method	To see if each system drive uses the NTFS file system
Reinforcement method	It is recommended that you use the NTFS file system to convert commands: Convert < drive letter:/fs:ntfs
Whether to implement
Note

6.2 Check Everyone permissions

Purpose of Operation	Enhance Everyone permissions
Check method	Right-mouse system drive (disk)-> "Properties"-> "security" to see if each system drive root is set to everyone has all permissions
Reinforcement method	Remove everyone's permissions or cancel everyone's write permission
Whether to implement
Note

6.3 Restricting command permissions

Purpose of Operation	Restricting permissions on partial commands
Check method	Use the cacls command or the resource Manager to view the following file permissions
Reinforcement method	It is recommended that you restrict the following commands to only system, administrator groups %systemroot%\system32\cmd.exe %SystemRoot%\System32\regsvr32.exe %systemroot%\system32\tftp.exe %systemroot%\system32\ftp.exe %systemroot%\system32\telnet.exe %systemroot%\system32\net.exe %systemroot%\system32\net1.exe %SYSTEMROOT%\SYSTEM32\cscript.exe %systemroot%\system32\wscript.exe %systemroot%\system32\regedit.exe %systemroot%\system32\regedt32.exe %systemroot%\system32\cacls.exe %systemroot%\system32\command.com %systemroot%\system32\at.exe
Whether to implement
Note	May affect business system uptime

Vii. Journal Audit

7.1 Enhanced Log

Purpose of Operation	Increase log size to avoid logging incomplete due to too small log file capacity
Check method	The "Win+r" key calls up the "run"->eventvwr.msc-> "Windows log"-> view the properties of the application security system
Reinforcement method	Recommended settings: Log upper Limit size: 20480 KB
Whether to implement
Note

7.2 Enhanced Audits

Purpose of Operation	Audit system events for troubleshooting when future failures occur
Check method	"Win+r" key to bring up "run"->secpol.msc-> security Settings-> Local policy-> Audit policy
Reinforcement method	Recommended settings: Audit Policy changes: successful Audit logon events: Success, failure Audit object access: Successful Audit process tracking: success, failure Audit directory service access: Success, failure Audit system events: success, failure Audit account logon events: Success, failure Audit account Management: Success, failure
Whether to implement
Note	The "Win+r" key calls up "run"->gpupdate/force takes effect immediately

Note: This template is from Baidu down, I made the appropriate changes.