Locking Down Windows Servers


For Windows Servers, follow the fundamental lockdown principles outlined earlier and the steps for locking down Windows Clients. For servers, the stakes are higher because a server usually runs some critical software such as a Microsoft SQL Server database, a Microsoft Exchange messaging system, or IIS. If an intruder takes down a client, he takes down one machine. If he takes down a server, the whole application is often disabled. The following sections outline some extra steps for securing servers.

Isolate Domain Controller

Because a domain controller plays such a critical role—maintaining and validating user accounts—it’s recommended that you not use it for any other role. File and printer services, IIS, databases, Exchange, and other server software should be installed on computers other than a domain controller.

Disable and Delete Unnecessary Accounts

Any user accounts that are not being used—such as accounts for employees who have left the company or the local Guest account—should be disabled or deleted. The reason is that every user account provides a potential way for an intruder to break into the network. Which should you choose: disable or delete? The rule of thumb is to disable the account first, and if nothing breaks, it’s probably safe to delete it. You might also consider deleting the local and domain Administrator accounts. The reason for doing this is to prevent intruders from breaking in using the Administrator account—if they already know one half of the most powerful account name/password combination, they are a step closer to breaking in.
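
A disable-first pass over a server's local accounts, as an added PowerShell example that is not from the book. The 90-day threshold, the log location, the svc_backup exclusion and the function name are assumptions chosen for illustration.

```powershell
# Added example: disable (not delete) stale local accounts, and log each one
# so it can be re-enabled if something breaks. Run from an elevated session.
function Disable-StaleLocalAccount {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [int]$InactiveDays = 90,                                # assumed threshold
        [string]$LogPath = "$env:TEMP\disabled-accounts.csv",   # assumed log location
        [string[]]$Exclude = @()                                # accounts to leave alone
    )

    $cutoff = (Get-Date).AddDays(-$InactiveDays)

    # Enabled accounts that have never logged on, or not since the cutoff.
    $stale = Get-LocalUser | Where-Object {
        $_.Enabled -and
        $_.Name -notin $Exclude -and
        ($null -eq $_.LastLogon -or $_.LastLogon -lt $cutoff)
    }

    foreach ($user in $stale) {
        # ShouldProcess honours -WhatIf and -Confirm, so a dry run changes nothing.
        if ($PSCmdlet.ShouldProcess($user.Name, 'Disable local account')) {
            Disable-LocalUser -Name $user.Name
            [pscustomobject]@{
                Name       = $user.Name
                SID        = $user.SID.Value
                LastLogon  = $user.LastLogon
                DisabledOn = Get-Date
            } | Export-Csv -Path $LogPath -Append -NoTypeInformation
        }
    }

    # Return the candidates so the dry-run output can be reviewed.
    $stale | Select-Object Name, LastLogon
}

# Dry run first: shows what would be disabled without changing anything.
# 'svc_backup' is a hypothetical service account name.
Disable-StaleLocalAccount -InactiveDays 90 -Exclude 'svc_backup' -WhatIf
```

Review the dry-run list before rerunning without -WhatIf, and keep the CSV until the accounts have stayed disabled long enough to show that nothing depends on them.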

Install a Firewall

Install a firewall between trusted and untrusted areas. For most companies, trusted equates to the local domain and untrusted equates to the Internet. A firewall is either software running on a server or a dedicated box, and it is installed on the connection between the trusted and untrusted areas. A firewall allows only certain types of traffic through—for example, just HTTP traffic using port 80. For more information on firewalls, see Chapter 13.




Security for Microsoft Visual Basic .NET
ISBN: 735619190
EAN: N/A
Year: 2003
Pages: 168
