chapter 9 hardening servers. c reating a baseline policy security parameters used to create a...

CHAPTER 9HARDENING SERVERS

CREATING A BASELINE POLICY

Security parameters used to create a baseline installation can be configured using a Group Policy Object (GPO)

Contains setting for a myriad of different configuration parameters associated with OS & the applications running on it.

SETTING AUDIT POLICIES

Auditing is important because it enables you to gather information about the computers activities as it happens.

When security disaster happens, you need as much as information as possible & audit policies allows the data collection.

If you configure the system to audit too many events, you might end up with big log files consuming large disk space.

Possible values to determine conditions; Success only Failure only Success & failure No auditing

SETTING EVENT LOG ON POLICIES

Controls various aspects of the log performance including; Maximum size of logs Who has access to them How the log behave when they reach their maximum

size There are 3 policies one for each of the logs:

application, security & system Maximum log size Prevent local guest group from accessing log Retain log Retention method for log

Overwrite events by days, overwrite events as needed, do not overwrite events.

CONFIGURING SERVICES

A lot of services is installed in a server along with OS which starts running when the server starts.

Many of these services are not needed in a typical member server configuration & its good idea to disable the ones the computer don’t need.

Services are programs that runs continuously in the background waiting for another application to call them. For this reason, its potential for attacks from

intruders.

SECURING DOMAIN CONTROLLERS

For network that uses active directory, no servers are more important than the domain controllers.

Domain controllers provide authentication services for most network operations, store & distribute group policies.

Due to the importance of domain controllers, it should always be in secured location such as server closet or data center accessible to only administrative personnel.

SECURING DOMAIN CONTROLLERS

Assigning user rights The use of policies to give administrator the access

they need to manage domain controller. Add workstations to domain

Adding a new computer in the active directory only to be done by the administrator else vunerable to attack from intruders.

Shut down the system Shutting down a domain controller can affect

systems all over the network.

SECURING INFRASTRUCTURE SERVERS

Infrastructure servers are computers that run network support services such as DNS, DHCP & WINS.

An infrastructure server can also run other roles such as application, file & print server.

DNS Security Advantage of storing zones in active directory, is the

directory service takes over securing & replicating the DNS data. Protection against unauthorized access.

DHCP security Interruption of DHCP might not have immediate effect

on your network but eventually your clients leases will expire & they wont be able to obtain a new one.