Introduction


Security is one of the most important topics today in the world of system administration. In the past, system administrators could get by with not worrying much about security, but with the common occurrence of fast-spreading viruses and worms, everyone has to do their part to make things as secure as possible. The security burden on system administrators is now at an all-time high.

The Windows Server operating systems are famous for their lack of security, but that has largely to do with how Microsoft tried to make Windows easier to use and "on by default" instead of "secure by default." With Windows Server 2003, the operating system is more secure after installation compared to its predecessors. But that is only part of the story. Computers cannot be left to sit untouched and remain secure. It is up to system administrators to constantly monitor and be proactive from a security perspective to truly keep systems secure.

And that is what this chapter is about. I cover several security best practices every system administrator should consider when maintaining Windows servers. This chapter is by no means comprehensive, but it does cover many of the basic security precautions that most system administrators should consider.

One thing Microsoft has done a much better job of recently is to publish decent whitepapers about security and securing the Windows OS. Here are a few good ones you might want to look at (all available from http://download.microsoft.com/):

  • Security Operations Guide for Windows 2000

  • Windows Server 2003 Security Guide

  • Best Practice Guide for Securing Active Directory Installations

  • Securing Windows Server 2003 Active Directory

Basic Tips

Before I dive into the recipes, I'm going to review a few general security precautions. Again, this isn't a comprehensive list, but if you did these and nothing else, you would be doing better than a lot of system administrators out there.

Understand Microsoft's 10 immutable laws of security

Microsoft discusses 10 laws of security on the TechNet web site:

http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx

Take some time to understand each law (if they aren't self-evident). These laws are some of the most basic tenets of computer security, especially when dealing with Microsoft technologies.

Restrict physical access to computers

You could have the most hardened and locked down servers possible, but if an attacker can gain physical access to them, it is all for naught. Ensure your computers are as physically secure as possible. In remote sites, this can be difficult, and you should keep this in mind when planning to deploy critical services such as a domain controller or Exchange Server.

Don't use administrative accounts during day-to-day use

In the Windows NT days, before Remote Desktop Connection and the runas command were available, it wasn't uncommon for administrators to have their own personal account as part of the Domain Admins group. Now, you shouldn't need to do this. Create alternate administrative accounts in Active Directory (e.g., rallen for my personal account and rallen.adm for my administrative account). Use Remote Desktop Connection or runas to run programs that need admin privileges. This will reduce the chance (however unlikely) that you accidentally perform a damaging action on a server. Using your normal user account will also reduce the damage a virus or worm can do if your computer becomes infected.

Keep virus definitions up to date

One of the ways viruses spread so fast is that virus definitions aren't up-to-date on computers. With the blinding speed with which many viruses and worms propagate these days, you have to be on top of the latest definitions and able to push them out as quickly as you get them.

Make sure all critical patches are installed

Even if virus definitions aren't up-to-date, most viruses and worms would be stuck dead in their tracks if everyone installed critical security updates when they come out. Granted, this wasn't as necessary with Windows NT and when Windows 2000 was first introduced, but now, if you don't update your systems within days (and sometimes hours!) of new security updates becoming available, you are just asking to be hit with a new virus or worm. Here is a good site to bookmark and visit periodically to help keep you ahead of the curve with the latest Microsoft security issues: http://www.microsoft.com/technet/security/current.aspx.

Avoid casual use of your servers

Have you ever caught yourself browsing the Internet on a production server? It has happened to the best of us, but it is unacceptable. Avoid casual use of your servers as much as possible. In fact, the fewer times you have to use Terminal Services or access the console of your servers, the better; it reduces the chances of something bad happening accidentally. Being on a server unnecessarily can also make it more difficult to troubleshoot and identify the root cause of security incidents. By default, the version of IE that comes with Windows Server 2003 restricts you from viewing most sites; you have to add them to an exception list. Even though it can be annoying, don't disable this feature. It is a good deterrent to casual use.

Audit important activities

Windows provides the capability to log certain actions and activities that are performed on your servers and in Active Directory. By logging important activities, such as the modification of particular administrative groups, you can maintain an audit trail for later reference in case incidents arise. For more information on auditing, see Recipe 11.2.

Check event logs regularly

The event logs can contain a wealth of important security-related information, but they are often overlooked. This is partly due to the amount of noise that is in the event logs in the form of unimportant event messages. Develop a process to centralize and analyze your event logs regularly. Having this process will be even more critical if you are auditing important activities as described previously.
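As an added example (not from the book or from Microsoft's guides), this PowerShell script ties the two previous tips together: it collects administrative-group membership changes from the Security log of several servers into one CSV for regular review. The server names dc1 and dc2 and the output path are hypothetical, and account-management auditing must already be enabled on the servers for these events to exist.

```powershell
# Constructed example: gather admin-group membership changes from several
# servers' Security logs into one file, so they can be reviewed on a schedule.
param(
    [string[]]$ComputerName = @('dc1', 'dc2'),      # hypothetical server names
    [int]$Days = 1,                                  # how far back to look
    [string]$OutFile = 'C:\Audit\GroupChanges.csv'   # hypothetical output path
)

# Security log event IDs for member added/removed on security-enabled groups.
# First row: Windows 2000/2003 IDs. Second row: Windows Vista/2008 and later.
$GroupChangeIds = @(632, 633, 636, 637, 660, 661,
                    4728, 4729, 4732, 4733, 4756, 4757)

# Groups whose membership changes we want to see; extend to suit your domain.
$WatchedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins',
                   'Administrators', 'Account Operators')

$Since = (Get-Date).AddDays(-$Days)
$Results = foreach ($Computer in $ComputerName) {
    try {
        # Get-EventLog reads the classic Security log on 2003 and later systems.
        Get-EventLog -LogName Security -ComputerName $Computer -After $Since -ErrorAction Stop |
            Where-Object { $GroupChangeIds -contains $_.EventID } |
            ForEach-Object {
                $Event = $_
                # The target group is named in the message body; keep only watched groups.
                $Group = $WatchedGroups |
                    Where-Object { $Event.Message -match [regex]::Escape($_) } |
                    Select-Object -First 1
                if ($Group) {
                    New-Object PSObject -Property @{
                        Server  = $Computer
                        Time    = $Event.TimeGenerated
                        EventID = $Event.EventID
                        Group   = $Group
                        Actor   = $Event.UserName
                        Summary = ($Event.Message -split "`n")[0].Trim()
                    }
                }
            }
    } catch {
        # A server that cannot be reached is itself worth noticing in the review.
        Write-Warning "Could not read the Security log on $Computer : $_"
    }
}

$Results | Sort-Object Time | Export-Csv -Path $OutFile -NoTypeInformation
# Quick on-screen summary: how many changes per watched group in the period.
$Results | Group-Object Group | Select-Object Name, Count | Format-Table -AutoSize
```

Run it from a scheduled task under an account that can read the remote Security logs, and treat any unexpected row in the CSV as something to follow up on.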

Know what to do when you discover you've been attacked

Most people think it can never happen to them, but the sad truth is it can. In fact, most system administrators don't have nearly as much security expertise as professional attackers. If a particular attacker (or worse, a group of attackers) takes a fancy to your organization, you'll have to be on top of your game to avoid some type of successful penetration. Some of the best in the business have been attacked. The moral of the story is that you should be prepared for the possibility of being attacked. What would you do? Here are a few good links that might help you develop an incident response plan:

  • http://www.cert.org/tech_tips/root_compromise.html

  • http://www.cert.org/

  • http://www.securityfocus.com/

  • http://microsoft.com/security

Maintain (and test!) backups

The worst case is that you have a server that gets successfully compromised. Unless you feel extremely confident that you know exactly what was compromised, your best bet would be to reimage the system and restore from a known good backup. That means you need good backups to start with. And if you are performing regular backups, I highly suggest performing a periodic test restore to make sure the backups are good and can be used in an emergency.



Windows Server Cookbook
Windows Server Cookbook for Windows Server 2003 and Windows 2000
ISBN: 0596006330
Year: 2006
Pages: 380
Authors: Robbie Allen