Operating System Security (3-3-4) 11.1003
Windows Server 2008 Security Guide
This lesson guide provides instructions and recommendations to help strengthen the OS Security of computers running Windows Server® 2008 that are members of an Active Directory® domain. This Windows Server 2008 Security Guide consists of 11 chapters, and an appendix that you can use to reference setting descriptions, considerations, and values. The Windows Server 2008 Security Guide Settings workbook file that accompanies this guide provides another resource that you can use to compare and evaluate the Group Policy settings. In addition, the Windows Server 2008 Attack Surface Reference workbook provides summary information about services, files, and firewall rules specific to each server role that this guide covers. The following figure shows the guide structure to help inform you how to optimally implement and deploy the prescriptive guidance.
Overview
The overview states the purpose and scope of the guide and indicates the organization of the guide to assist you in locating the information relevant to you. It also describes the tools and templates that accompany the guide, and the user prerequisites for the guidance. Brief descriptions follow for each chapter and the appendix for the guide.
Chapter 1: Implementing a Security Baseline
This chapter identifies the benefits to an organization of creating and deploying a security baseline. The chapter includes high-level security design recommendations that you can follow in preparation to implement either the EC baseline settings or the SSLF baseline settings. The chapter explains important security considerations for both the EC environment and the SSLF environment, and the broad differences between these environments.
The Windows Server 2008 Security Guide Settings workbook that accompanies this guide provides another resource that you can use to compare and evaluate the Group Policy settings. The GPOAccelerator tool is available as a separate download from the Microsoft Download Center. For instructions on how to use the tool, see How to Use the GPOAccelerator.
Caution
The guidance in this chapter positions your organization to establish the SSLF environment, which is distinct from the EC environment. The SSLF guidance is for high security environments only. It is not a supplement to the guidance on the EC environment. Security settings prescribed for the SSLF environment limit key functionality across the environment. For this reason, the SSLF security baseline is not intended for most organizations. Be prepared to extensively test the SSLF security baseline before implementing it in a production environment.
Chapter 2: Reducing the Attack Surface by Server Role
This chapter provides an overview of built-in tools in Windows Server 2008 that can help you to quickly configure, maintain, and enforce all of the required functionality for the servers in your environment. The chapter discusses using Server Manager to help reduce the attack surface of your servers by only configuring the functionality that each specific server role requires.
The chapter then discusses how you can use the Security Configuration Wizard (SCW) to help maintain and enforce the configuration implemented by Server Manager. The chapter also provides information about Server Core, a new installation option in Windows Server 2008.
Chapter 3: Hardening Active Directory Domain Services
This chapter discusses how organizations can harden Active Directory Domain Services (AD DS) to manage users and resources, such as computers, printers, and applications on a network. AD DS in Windows Server 2008 includes a number of new features that are not available in previous versions of Windows Server, and some of these features focus on deploying AD DS more securely. Features that enhance security in AD DS include new auditing capabilities, fine-grained password policies, and the ability to use read-only domain controllers (RODCs).
Chapter 4: Hardening DHCP Services
This chapter provides prescriptive guidance for hardening the DHCP Server role. The chapter discusses DHCP Server and DHCP Client services in Windows Server 2008 that include security-related enhancements for Network Access Protection (NAP) and DHCPv6 functionality.
Chapter 5: Hardening DNS Services
This chapter provides prescriptive guidance for hardening the DNS Server role. Windows Server 2008 provides enhancements in the DNS Server service that focus on improving performance or provide new features, including background zone loading to help circumvent potential denial-of-service (DoS) attacks, and support for RODCs located in perimeter networks, branch offices, or other unsecured environments.
Chapter 6: Hardening Web Services
This chapter provides prescriptive guidance for hardening the Web Server role. The chapter discusses how the Web server role installs Microsoft® Internet Information Services (IIS) 7.0, which has been redesigned into forty modular components that you can choose to install as needed.
Chapter 7: Hardening File Services
This chapter provides prescriptive guidance for hardening the File Server role. File servers can provide a particular challenge to harden, because balancing security and functionality of the fundamental services that they provide is a fine art. Windows Server 2008 introduces a number of new features that can help you control and harden a file server in your environment.
Chapter 8: Hardening Print Services
This chapter provides prescriptive guidance for hardening the Print Server role. Significant security changes were introduced to printing services in the operating system for Windows Vista, and these changes have also been incorporated into Windows Server 2008 for your organization to take full advantage of them.
Chapter 9: Hardening Active Directory Certificate Services
This chapter provides prescriptive guidance for hardening Active Directory Certificate Services (AD CS) on a server running Windows Server 2008. AD CS provides customizable services for creating and managing public key certificates used in software security systems that employ public key technologies. The chapter discusses how your organization can use AD CS to enhance security by binding the identity of a person, device, or service to a corresponding private key.
Chapter 10: Hardening Network Policy and Access Services
This chapter provides prescriptive guidance for hardening Network Policy and Access Services on servers running Windows Server 2008. Network Policy and Access Services (NPAS) in Windows Server 2008 provide technologies that allow you to deploy and operate a virtual private network (VPN), dial-up networking, 802.1x protected wired and wireless access, and Cisco Network Admission Control (NAC)-based devices.
The chapter discusses how you can use NPAS to define and enforce policies for network access authentication, authorization, and client health using Network Policy Server (NPS), the Routing and Remote Access Service, Health Registration Authority (HRA), and the Host Credential Authorization Protocol (HCAP).
Chapter 11: Hardening Terminal Services
This chapter provides prescriptive guidance for hardening Terminal Services on servers running Windows Server 2008. These servers provide essential services that allow users to access Windows-based programs or the full Microsoft Windows® desktop from various locations. Windows Server 2008 includes a number of specific role services for this technology that your organization can use, including TS Licensing to manage Terminal Server client access licenses (TS CALs) that are required for devices and users to connect to a terminal server.
The chapter also discusses how the Terminal Services Session Broker (TS Session Broker) role service supports reconnection to an existing session on a terminal server that is a member of a load-balanced terminal server farm, how the Terminal Services Gateway (TS Gateway) role service enables authorized users to connect to terminal servers and remote desktops on the corporate network over the Internet using RDP via HTTPS, and how the Terminal Services Web Access (TS Web Access) role service allows authorized users to gain access to terminal servers via a Web browser.
Appendix A: Security Group Policy Settings
The appendix includes descriptions and tables that detail the prescribed settings in the EC and SSLF security baselines for this guide. The appendix describes each setting and the reasoning for its configuration values. The appendix also indicates setting differences between Windows Server 2008 and Windows Server 2003.
"Cyberspace: A consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical concepts... A graphical representation of data abstracted from the banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the non-space of the mind, clusters and constellations of data. Like city lights, receding..."
(William Gibson -'Neuromancer')