Saturday 28 March 2015

Windows OS Security Controls

Hi friends, today we are going to discuss the necessary security controls in the Windows OS. This post covers Windows Server 2008 R2. Let's go through the security controls one by one.

There is a huge list of registry values, security policies and service settings that we need to set and manage according to company baselines. So how can we do this tedious task easily? We can't set each registry value manually one by one because that takes a huge amount of time. For this we have Microsoft Compliance Manager, which lets us handle all the registry values at the same time. Download Microsoft Compliance Manager from the official site.

Security Controls are given below
  1. Missing patches
  2. Unwanted Admins
  3. Security policy
  4. Services controls
  5. Baselines and registry settings
  6. Up-to-date antivirus
Let's understand these security controls one by one
  1. Missing patches : Patches are the security vulnerability fixes that Microsoft releases every month. Applying the missing patches puts all the security bugs fixed by Microsoft onto the machine. So the question is how we know whether our machine is vulnerable to these bugs or not. To analyse this there is a tool from Microsoft known as MBSA (Microsoft Baseline Security Analyzer). You can download this tool free of cost and run it on your server; it lists the security patches released for your system. To run this tool you need admin access on the server.


MBSA reports several kinds of issues:
Security updates: missing patches for installed Microsoft tools, missing Windows security updates, missing SQL Server security updates.
Administrative vulnerabilities: Automatic Updates, password expiration, incomplete updates, Windows Firewall, local account password test, file system, autologon, Guest account, Restrict Anonymous, list of administrators.
Additional system information: auditing, services, shares, Windows version etc.


Share Drives with permissions



    2.  Unwanted Admins : Unwanted admins are members of the local Administrators group on the server who should not be there. To find them, open cmd with admin privileges and run the command below:

 net localgroup administrators 

The above command lists all the admins on the server.
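To turn that listing into a repeatable check, the output can be compared with an approved list. This is an added example, not part of the original post; the `$approved` entries and the `Get-LocalAdminNames` helper are constructed for illustration, and the parsing assumes English `net` output.

```powershell
# Added example. $approved is a constructed allowlist; replace it with the
# accounts your baseline permits. Assumes English "net" output.
$approved = @('Administrator', 'CORP\Domain Admins', 'CORP\srv-ops')

function Get-LocalAdminNames {
    $out = @(net localgroup administrators)
    if ($LASTEXITCODE -ne 0) { throw "net localgroup failed ($LASTEXITCODE)" }
    # Member names sit between the dashed rule and the completion message.
    $inList = $false
    foreach ($line in $out) {
        if ($line -match '^-{10,}') { $inList = $true; continue }
        if ($line -match '^The command completed') { break }
        if ($inList -and $line.Trim()) { $line.Trim() }
    }
}

$current    = @(Get-LocalAdminNames)
# -notcontains compares case-insensitively, like Windows account names.
$unexpected = @($current  | Where-Object { $approved -notcontains $_ })
$absent     = @($approved | Where-Object { $current  -notcontains $_ })

"Members found: $($current.Count)"
$unexpected | ForEach-Object { Write-Warning "Unexpected admin: $_" }
$absent     | ForEach-Object { "Approved but not present: $_" }
```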



   3.  Security Policies : Security policies are the various security settings applied on the system. They include account policy, local policy, Windows Firewall with Advanced Security, Network List Manager policies, public key policies, software restriction policies etc.
In account policy we can set maximum password age, minimum password age, password complexity requirements, account lockout duration etc. Local policy has settings such as who can access this computer locally or from the network, who can back up files and directories, who can force a shutdown of the system from the network, enabling accounts, disabling the Guest account, domain controller settings etc. Firewall settings for inbound and outbound connections are here as well. We can also add certificates for SSL, encrypt the file system, and control installed software from here.
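The account policy settings above can be exported with `secedit` and checked against a baseline. This is an added example, not part of the original post; the allowed ranges in `$rules` are constructed placeholders, and the script needs an elevated prompt.

```powershell
# Added example. The Min/Max numbers are constructed placeholders,
# not values from the post; substitute your company baseline.
$rules = @(
    @{ Key = 'MaximumPasswordAge';    Min = 1;  Max = 90 },  # -1 = never expires
    @{ Key = 'MinimumPasswordAge';    Min = 1;  Max = 998 },
    @{ Key = 'MinimumPasswordLength'; Min = 12; Max = 14 },
    @{ Key = 'PasswordComplexity';    Min = 1;  Max = 1 },
    @{ Key = 'LockoutBadCount';       Min = 1;  Max = 10 },  # 0 = lockout disabled
    @{ Key = 'EnableGuestAccount';    Min = 0;  Max = 0 }
)

# Export the effective local security policy (needs an elevated prompt).
$cfg = Join-Path $env:TEMP 'secpol-export.inf'
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit export failed ($LASTEXITCODE)" }

# Collect every numeric "Key = Value" line from the exported INF.
$settings = @{}
foreach ($line in Get-Content $cfg) {
    if ($line -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') {
        $settings[$matches[1]] = [int]$matches[2]
    }
}
Remove-Item $cfg

# Compare each rule with the exported value; a missing key is a failure.
$results = foreach ($r in $rules) {
    $actual = $null
    $ok = $false
    if ($settings.ContainsKey($r.Key)) {
        $actual = $settings[$r.Key]
        $ok = ($actual -ge $r.Min) -and ($actual -le $r.Max)
    }
    New-Object PSObject -Property @{
        Setting = $r.Key; Actual = $actual
        Allowed = ('{0}..{1}' -f $r.Min, $r.Max); Pass = $ok
    }
}
$results | Select-Object Setting, Actual, Allowed, Pass | Format-Table -AutoSize
```

Using a range instead of a single "at most" comparison matters here: a maximum password age of -1 (never expires) or a lockout threshold of 0 (lockout disabled) would otherwise pass.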



  4.  Services controls : There are various services in Windows which start automatically when you start up your Windows Server. We do not actually need all of these services to be running. Many of them can impact performance and can also compromise the security of your server. We need to identify the unnecessary services and disable them.

Warning: disabling any service can cause installed applications to fail. The recommended practice is to disable unnecessary services one at a time, testing all installed applications to ensure that they still function correctly.

To perform this task, log on to your machine with admin privileges, then follow the steps given below.
Step 1 : There are various ways to get the service list. Go to Run, type services.msc and press Enter; this gives you the list of services.

Alternatively, go to Start > Administrative Tools > Services.




Here I am giving you a list of a few unnecessary services, but again, be careful and disable unnecessary services one by one.

DHCP Client
DNS Client
Distributed Link Tracking Client
Distributed Transaction Coordinator
Human Interface Device Access
IP Helper
Network Location Awareness
Print Spooler
Windows Error Reporting Service
Alerter Service
Clipbook service
Computer Browser
Fax Service
Indexing Service
Internet Connection Sharing
IPSEC Policy Agent
Messenger service
Netlogon service
Network DDE
NTLM Security Support Provider
Performance Logs and Alerts
Plug and Play
QOS RSVP
Remote registry service
Routing and Remote Access
Runas service
Security Account Manager
Smart Card Helper
Smart Card
Server Service
TCP/IP NetBIOS Helper
Telephony Service
Telnet

These are a few of the unnecessary services in Windows that we need to disable.
Note: Read the description of each service first. If you ask me whether to disable a service or set it to Manual, I recommend setting it to Manual rather than disabling it.

Go to the service, right click > Properties; here you can select Disabled, Automatic or Manual according to your need. Click Apply and OK.
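The one-at-a-time procedure above can be scripted so that each candidate's start mode, state and running dependent services are visible before anything is changed. This is an added example, not part of the original post; `$candidates` is a constructed subset of the list above and `$target` is a hypothetical variable naming the single service to change in one run.

```powershell
# Added example. $candidates is a constructed subset of the post's list;
# $target names the ONE service to change in this run (empty = report only).
$candidates = @('Print Spooler', 'Remote Registry', 'Fax', 'Telnet',
                'Alerter', 'Distributed Link Tracking Client')
$target = ''

$report = foreach ($name in $candidates) {
    $svc = Get-Service -DisplayName $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Older service names may not exist on this Windows version.
        New-Object PSObject -Property @{
            Service = $name; StartMode = 'not installed'; State = ''; RunningDependents = ''
        }
        continue
    }
    # Get-Service in PowerShell 2.0 has no start type; WMI does.
    $wmi = Get-WmiObject Win32_Service -Filter "Name='$($svc.Name)'"
    $deps = @($svc.DependentServices | Where-Object { $_.Status -eq 'Running' } |
              ForEach-Object { $_.DisplayName })
    New-Object PSObject -Property @{
        Service = $name; StartMode = $wmi.StartMode; State = $wmi.State
        RunningDependents = ($deps -join ', ')
    }
}
$report | Select-Object Service, StartMode, State, RunningDependents | Format-Table -AutoSize

if ($target) {
    $row = $report | Where-Object { $_.Service -eq $target }
    if (-not $row -or $row.StartMode -eq 'not installed') {
        throw "'$target' is not an installed service from the candidate list"
    }
    if ($row.RunningDependents) {
        throw "'$target' has running dependents: $($row.RunningDependents)"
    }
    # Manual, not Disabled, as the post recommends; the service keeps running
    # until stopped, so test applications before the next change.
    Set-Service -Name (Get-Service -DisplayName $target).Name -StartupType Manual
}
```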

   5.  Registry settings : According to Wikipedia, the Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low-level operating system components and for applications running on the platform that use the Registry. The kernel, device drivers, services, SAM, user interface and third-party applications can all make use of the Registry. The Registry also provides a means to access counters for profiling system performance.

 To open it, go to Run and type regedit.



   6.  Up-to-date Antivirus : Always keep your antivirus up to date to avoid various security attacks. Always install the latest DAT version for your antivirus.

Note:  These are the basic security controls in windows.
