Windows Server 2008 Security Hardening: Several Considerations

Source: Internet
Author: User
Tags: anonymous, file permissions, gpupdate

I. System Information

View system version

Windows Server 2008 R2 Enterprise

Use

VPN server

View host name

View network configuration

II. Antivirus Software Management


2.1 Antivirus Software Installation


Purpose of Operation

Prevent damage from Trojans and viruses

Check method

Check whether the antivirus service is running on the system.

Reinforcement method

Install antivirus software, turn on real-time monitoring, set an appropriate monitoring level, and set a password for the antivirus software.

Whether to implement

Note

III. Patch Management

3.1 Patch Installation


Purpose of Operation

Install system patches to fix vulnerabilities

Check method

Scan with a vulnerability scanning tool.

Reinforcement method

Use tools to automate patching.

Whether to implement

Note

IV. Accounts and Passwords


4.1 Account Optimization


Purpose of Operation

Remove unused system accounts to reduce risk

Check method

Press Win+R to open "Run" -> compmgmt.msc (Computer Management) -> Local Users and Groups, and check whether there are unused accounts, whether the system accounts belong to the correct groups, and whether the Guest account is locked

Reinforcement method

Use the "net user username /del" command to delete an account

Use the "net user username /active:no" command to lock an account

Whether to implement

Note

Check the registry to prevent shadow accounts.


4.2 Password Policy


Purpose of Operation

Strengthen password complexity and the lockout policy to reduce the likelihood of brute-force cracking

Check method

Press Win+R to open "Run" -> secpol.msc (Local Security Policy) -> Security Settings

Reinforcement method

1. Account Policies -> Password Policy

Password must meet complexity requirements: Enabled

Minimum password length: 8 characters

Minimum password age: 0 days

Maximum password age: 90 days

Enforce password history: a remember Password

Store passwords using reversible encryption: Disabled

2. Account Policies -> Account Lockout Policy

Account lockout duration: 30 minutes

Account lockout threshold: 5 invalid logon attempts

Reset account lockout counter after: 30 minutes

3. Local Policies -> Security Options

Interactive logon: Do not display last user name: Enabled

Whether to implement

Note

Press Win+R to open "Run" -> gpupdate /force to apply the settings immediately

V. Network Services


5.1 Service Optimization


Purpose of Operation

Turn off unneeded services to reduce risk

Check method

Press Win+R to open "Run" -> services.msc

Reinforcement method

Change the startup type of the following services to Manual:

COM + Event System

DHCP Client

Diagnostic Policy Service

Distributed Transaction Coordinator

DNS Client

Distributed Link Tracking Client

Remote Registry

Print Spooler

Server (can be turned off if file sharing is not used)

Shell Hardware Detection

TCP/IP NetBIOS Helper

Windows Update

Whether to implement

Note

Disabling services requires caution, especially for remote computers

5.2 Turn off sharing


Purpose of Operation

Turn off default shares

Check method

Press Win+R to open "Run" -> cmd.exe -> net share to view the shares

Reinforcement method

Turn off default shares such as C$ and D$

Press Win+R to open "Run" -> regedit -> go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters and create a new value AutoShareServer (REG_DWORD) with a value of 0

Whether to implement

Note

5.3 Network restrictions


Purpose of Operation

Restrict network access

Check method

Press Win+R to open "Run" -> secpol.msc -> Security Settings -> Local Policies -> Security Options

Reinforcement method

Network access: Do not allow anonymous enumeration of SAM accounts: Enabled

Network access: Do not allow anonymous enumeration of SAM accounts and shares: Enabled

Network access: Let Everyone permissions apply to anonymous users: Disabled

Accounts: Limit local account use of blank passwords to console logon only: Enabled

Whether to implement

Note

Press Win+R to open "Run" -> gpupdate /force to apply the settings immediately
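A check for the settings in 5.2 and 5.3, as an added example that is not part of the original checklist. It assumes the registry value names that back these policies (under the Lsa and LanmanServer\Parameters keys) and uses only PowerShell 2.0 features, which is the version shipped with Windows Server 2008 R2.

```powershell
# Added example (not from the original page). Reads the registry values that
# back the settings in sections 5.2 and 5.3 and reports deviations.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$checks = @(
    @{ Path = $srv; Name = 'AutoShareServer';           Want = 0 },  # 5.2 default shares off
    @{ Path = $lsa; Name = 'RestrictAnonymousSAM';      Want = 1 },  # no anonymous SAM enumeration
    @{ Path = $lsa; Name = 'RestrictAnonymous';         Want = 1 },  # ... of SAM accounts and shares
    @{ Path = $lsa; Name = 'EveryoneIncludesAnonymous'; Want = 0 },  # Everyone excludes anonymous
    @{ Path = $lsa; Name = 'LimitBlankPasswordUse';     Want = 1 }   # blank passwords: console only
)

$report = foreach ($c in $checks) {
    $have = '(not set)'
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($item) { $have = $item.($c.Name) }
    $status = 'DIFFERS'
    if ("$have" -eq "$($c.Want)") { $status = 'OK' }
    New-Object PSObject -Property @{
        Value = $c.Name; Expected = $c.Want; Actual = $have; Status = $status
    }
}
$report | Format-Table Value, Expected, Actual, Status -AutoSize

# AutoShareServer only stops the shares from being re-created when the Server
# service starts, so also list administrative disk shares that exist right now.
# Win32_Share type 2147483648 (0x80000000) is an administrative disk share.
Get-WmiObject -Class Win32_Share |
    Where-Object { $_.Type -eq 2147483648 } |
    Select-Object Name, Path
```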

VI. File System

6.1 Using NTFS


Purpose of Operation

Enhance file system security

Check method

Check whether each system drive uses the NTFS file system

Reinforcement method

Using the NTFS file system is recommended. Conversion command: convert <drive letter>: /fs:ntfs

Whether to implement

Note


6.2 Check Everyone permissions


Purpose of Operation

Tighten Everyone permissions

Check method

Right-click the system drive (disk) -> "Properties" -> "Security" and check whether the root of each system drive grants Everyone all permissions

Reinforcement method

Remove the Everyone permissions, or revoke Everyone's write permission

Whether to implement

Note

6.3 Restricting command permissions


Purpose of Operation

Restrict permissions on certain commands

Check method

Use the cacls command or Windows Explorer to view the permissions on the following files

Reinforcement method

It is recommended that you restrict the following commands to the SYSTEM account and the Administrators group only

%systemroot%\system32\cmd.exe

%systemroot%\system32\regsvr32.exe

%systemroot%\system32\tftp.exe

%systemroot%\system32\ftp.exe

%systemroot%\system32\telnet.exe

%systemroot%\system32\net.exe

%systemroot%\system32\net1.exe

%systemroot%\system32\cscript.exe

%systemroot%\system32\wscript.exe

%systemroot%\system32\regedit.exe

%systemroot%\system32\regedt32.exe

%systemroot%\system32\cacls.exe

%systemroot%\system32\command.com

%systemroot%\system32\at.exe

Whether to implement

Note

May affect business system uptime
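A read-only check for 6.3, as an added example that is not part of the original checklist. It reports which principals other than SYSTEM and Administrators are currently allowed on each listed file, so the effect on business systems can be judged before any ACL is changed; the file names are taken from the list above and the two SIDs are the well-known ones.

```powershell
# Added example (not from the original page). Lists "Allow" entries on the
# binaries named in section 6.3 for anyone other than SYSTEM or Administrators.
$allowed = 'S-1-5-18', 'S-1-5-32-544'    # well-known SIDs: SYSTEM, BUILTIN\Administrators
$files = 'cmd.exe', 'regsvr32.exe', 'tftp.exe', 'ftp.exe', 'telnet.exe', 'net.exe',
         'net1.exe', 'cscript.exe', 'wscript.exe', 'regedit.exe', 'regedt32.exe',
         'cacls.exe', 'command.com', 'at.exe'
$sidType = [System.Security.Principal.SecurityIdentifier]
$ntType  = [System.Security.Principal.NTAccount]

foreach ($file in $files) {
    $path = Join-Path (Join-Path $env:SystemRoot 'System32') $file
    if (-not (Test-Path -Path $path)) {
        # Some entries may not exist here, e.g. optional components not installed.
        Write-Output ("{0}: not present" -f $path)
        continue
    }
    # Ask for SIDs rather than names so the comparison works on localized systems.
    $rules = (Get-Acl -Path $path).GetAccessRules($true, $true, $sidType)
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference
        if ($rule.AccessControlType -ne 'Allow' -or $allowed -contains $sid.Value) { continue }
        $name = $sid.Value
        try { $name = $sid.Translate($ntType).Value } catch { }   # keep the SID if unresolvable
        Write-Output ("{0}: {1} has {2}" -f $path, $name, $rule.FileSystemRights)
    }
}
```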

VII. Log Auditing

7.1 Strengthen Logging


Purpose of Operation

Increase the log size so that logging is not left incomplete because the log file capacity is too small

Check method

Press Win+R to open "Run" -> eventvwr.msc -> "Windows Logs" -> view the properties of the Application, Security and System logs

Reinforcement method

Recommended settings:

Maximum log size: 20480 KB

Whether to implement

Note

7.2 Strengthen Auditing


Purpose of Operation

Audit system events for troubleshooting when future failures occur

Check method

Press Win+R to open "Run" -> secpol.msc -> Security Settings -> Local Policies -> Audit Policy

Reinforcement method

Recommended settings:

Audit policy change: Success

Audit logon events: Success, Failure

Audit object access: Success

Audit process tracking: Success, Failure

Audit directory service access: Success, Failure

Audit system events: Success, Failure

Audit account logon events: Success, Failure

Audit account management: Success, Failure

Whether to implement

Note

Press Win+R to open "Run" -> gpupdate /force to apply the settings immediately
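A single check for the password and lockout values in 4.2 and the audit settings in 7.2, as an added example that is not part of the original checklist. It assumes an elevated prompt and the key names that secedit writes to its exported INF file; it reports exact matches only, so a stricter value than the page recommends also shows as DIFFERS.

```powershell
# Added example (not from the original page). Run from an elevated prompt.
# Exports the effective local policy and compares it with sections 4.2 and 7.2.
$cfg = Join-Path $env:TEMP 'secpol-export.inf'
secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet
if (-not (Test-Path $cfg)) { throw 'secedit export failed; is the prompt elevated?' }

# Collect every "key = value" line of the export; section headers are skipped.
$actual = @{}
Get-Content $cfg | ForEach-Object {
    if ($_ -match '^\s*([^=\[]+?)\s*=\s*(.+?)\s*$') { $actual[$matches[1]] = $matches[2] }
}
Remove-Item $cfg

# Expected values taken from the page. Audit flags: 1 = success, 3 = success and failure.
# "Enforce password history" is left out because the page does not give a usable number.
$baseline = @{
    PasswordComplexity    = '1';  MinimumPasswordLength = '8'
    MinimumPasswordAge    = '0';  MaximumPasswordAge    = '90'
    ClearTextPassword     = '0';  LockoutBadCount       = '5'
    LockoutDuration       = '30'; ResetLockoutCount     = '30'
    AuditPolicyChange     = '1';  AuditObjectAccess     = '1'
    AuditLogonEvents      = '3';  AuditProcessTracking  = '3'
    AuditDSAccess         = '3';  AuditSystemEvents     = '3'
    AuditAccountLogon     = '3';  AuditAccountManage    = '3'
}

$report = foreach ($key in ($baseline.Keys | Sort-Object)) {
    # LockoutDuration and ResetLockoutCount may be absent when the threshold is 0.
    $have = '(not set)'
    if ($actual.ContainsKey($key)) { $have = $actual[$key] }
    $status = 'DIFFERS'
    if ($have -eq $baseline[$key]) { $status = 'OK' }
    New-Object PSObject -Property @{
        Setting = $key; Expected = $baseline[$key]; Actual = $have; Status = $status
    }
}
$report | Format-Table Setting, Expected, Actual, Status -AutoSize
```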

Note: This template was downloaded from Baidu; I made the appropriate changes.
