Hardening Server Security


Versions of Windows Server that preceded Windows Server 2003, such as Windows NT 4.0 and Windows 2000, often required a great deal of configuration after installation to "harden" the security of the server and ensure that viruses and exploits would not overwhelm or disable the server. The good news with Windows Server 2003 is that, by default, many less commonly used services are turned off. In fact, the entire Internet Information Services (IIS) 6.0 implementation on every server is turned off by default, making the actual server itself much less vulnerable to attack.

Consequently, in Windows Server 2003, it is important to first define which roles a server will perform and then to turn on only the services those roles require, preferably with the Configure Your Server Wizard, which is explained in depth in the "Securing a Server Using the Configure Your Server Wizard" section in this chapter.

Defining Server Roles

Depending on the size of an organization, a server may be designated for one or multiple network roles. In an ideal world, a separate server or servers would be designated to handle a single role, such as DHCP server or DNS server. This scenario is not feasible for smaller organizations, however, and multiple roles can be placed on a single server, as defined by the needs of the organization.

Because any service that is activated increases the overall risk, it is important to fully define which roles a server will take on so that those services can be properly configured. Although these components can be set up manually, the process of turning on these services is streamlined through the use of the Configure Your Server Wizard.

Securing a Server Using the Configure Your Server Wizard

With the list of roles that a server will perform in hand, the ideal utility for turning on these roles and securing them is the newly renovated Configure Your Server (CYS) Wizard in Windows Server 2003. Vastly improved over the Windows 2000 version, the new CYS Wizard turns on only those services that are necessary. If a server is a DNS server but does not do File and Print, the CYS Wizard will automatically configure the server specifically for DNS access, limiting its vulnerability.

The Configure Your Server Wizard is straightforward to use, and can be invoked at any time. In addition to installing future services, the CYS Wizard will also display the current roles of an operating server. In the following example, the CYS Wizard is used to establish a server as a dedicated WINS server, thus limiting its security exposure by shutting off all other unnecessary roles. The following steps detail the process:

1. Open the CYS Wizard (Start, All Programs, Administrative Tools, Configure Your Server Wizard).

2. Click Next twice at the Welcome and Preliminary screens. CYS will then detect the current network settings.

3. On the subsequent screen, select the WINS server role, as illustrated in Figure 12.4, and click Next.

Figure 12.4. Running the Configure Your Server Wizard.

4. At the Summary screen, click Next to continue. Setup may ask for the Windows Server 2003 CD at this point. Insert the CD as prompted.

5. Click Finish at the Success screen.

6. Repeat steps 1 through 5, except instead of adding a role, select the file server role to remove it. Click Next to continue.

Note

You must run the CYS Wizard multiple times to add or remove any additional roles.
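
One way to check the result of the procedure above, that the server carries only the services of its defined roles, is to compare installed services against the role list. This is an added example, not code from the book; it assumes Windows PowerShell is installed on the server, and the role-to-service map is an illustrative, partial mapping to adjust for your own build.

```powershell
# Added example: compare installed role services with the roles defined for this server.
# Assumption: Windows PowerShell is installed (it is not part of a default
# Windows Server 2003 installation).

# Roles this server is supposed to hold (here: the dedicated WINS server from the steps above).
$IntendedRoles = @('WINS')

# Illustrative, partial map of role -> service short names installed with that role.
$RoleServices = @{
    'WINS' = @('WINS')
    'DNS'  = @('DNS')
    'DHCP' = @('DHCPServer')
    'IIS'  = @('IISADMIN', 'W3SVC')
}

# Split the map into services that must be present and services that should not be.
$Expected = @()
$Unexpected = @()
foreach ($role in $RoleServices.Keys) {
    if ($IntendedRoles -contains $role) { $Expected += $RoleServices[$role] }
    else { $Unexpected += $RoleServices[$role] }
}

# Ask WMI for every installed service, running or not.
$Services = @(Get-WmiObject -Class Win32_Service)

# A role service that is installed at all is extra attack surface, even when stopped.
$Extra = @($Services | Where-Object { $Unexpected -contains $_.Name })

# An intended role whose service is absent or not running is not actually deployed.
$Healthy = @($Services |
    Where-Object { $Expected -contains $_.Name -and $_.State -eq 'Running' } |
    ForEach-Object { $_.Name })
$Missing = @($Expected | Where-Object { $Healthy -notcontains $_ })

if ($Extra.Count -gt 0) {
    Write-Host 'Services from roles this server should not hold:'
    $Extra | Format-Table Name, DisplayName, State, StartMode -AutoSize | Out-Host
}
if ($Missing.Count -gt 0) {
    Write-Host ('Intended role services not running: ' + [string]::Join(', ', $Missing))
}
if ($Extra.Count -eq 0 -and $Missing.Count -eq 0) {
    Write-Host 'Installed role services match the defined roles.'
}
```

Any service listed in the first report belongs to a role that should be removed with another pass of the CYS Wizard.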





Microsoft Windows Server 2003 Unleashed (R2 Edition)
ISBN: 0672328984
EAN: 2147483647
Year: 2006
Pages: 499
