Windows security features

  • Thread starter Thread starter TEK
  • Start date Start date
T

TEK

I am planning to enhance the security on my servers but first would like to
confirm with you, MVPs which are the security aspects of Windows I should
take care of. I am aware that Windows features the following security
aspects:

Firewall
IPsec
PKI - Certification Authority
User access auditing
Group Policies
NFTS Permissions

Is there something else I might be missing please?
 
Howdie!
I am planning to enhance the security on my servers but first would like to
confirm with you, MVPs which are the security aspects of Windows I should
take care of. I am aware that Windows features the following security
aspects:

Firewall
IPsec
PKI - Certification Authority
User access auditing
Group Policies
NFTS Permissions
Click to expand...

A topic I don't see on your list but might be cleared by the
technologies you have listed, would be "services". Make sure there's
nothing you run on the servers you don't really need. That mitigates
attack surface.

I most certainly wouldn't look into all of these aspects at the same
time but would concentrate on key technologies that make sense for the
particular server's role. You pretty much have the key technologies for
the servers - next step would be figuring out what servers and their
services need to be secured how.

cheers,

Florian
 
you might wanna import the SECUREDC templete
however this action is irreversible
you might wanna test it in your test lab before you bring it to production
---------
Dhruv


Florian Frommherz said:
Howdie!
I am planning to enhance the security on my servers but first would like to
confirm with you, MVPs which are the security aspects of Windows I should
take care of. I am aware that Windows features the following security
aspects:

Firewall
IPsec
PKI - Certification Authority
User access auditing
Group Policies
NFTS Permissions
Click to expand...

A topic I don't see on your list but might be cleared by the
technologies you have listed, would be "services". Make sure there's
nothing you run on the servers you don't really need. That mitigates
attack surface.

I most certainly wouldn't look into all of these aspects at the same
time but would concentrate on key technologies that make sense for the
particular server's role. You pretty much have the key technologies for
the servers - next step would be figuring out what servers and their
services need to be secured how.

cheers,

Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
Click to expand...
 
FYi securedc templete is for DCs only
there are other templeted for member servers as well in the smae folder
 
Back
Top