Security Guide for Windows Server 2016

If you guys are working with Windows Server 2016, you must also be interested in the Security Guide.

Microsoft has released the Windows Server 2016 Security Guide. Access it here:

If you work in one of the following roles, the guide is essential for you:

  • Security professional. Individuals in this role focus on how to provide security across computing platforms within an organization. Security professionals require a reliable reference guide that addresses the security needs of all segments of their organizations and also offers proven methods to implement security countermeasures. They identify security features and settings, and then provide recommendations on how their customers can most effectively use them in high risk environments.
  • IT operations and deployment staff. Individuals in all of these roles troubleshoot security issues as well as application installation, configuration, usability, and manageability issues. They monitor these types of issues to define measurable security improvements with minimal impact on critical business applications. Individuals in IT operations focus on integrating security and controlling change in the deployment process, and deployment personnel focus on administering security updates quickly.
  • Systems architect and planner. Individuals in this role drive the architecture efforts for computer systems in their organizations.
  • Consultant. Individuals in this role are aware of security scenarios that span all the business levels of an organization. IT consultants from both Microsoft Services and partners take advantage of knowledge transfer tools for enterprise customers and partners.

In addition to the resources listed in this guide, here are a number of additional resources to help you secure your Windows Server environment:


Using Group Policy to prevent FTP.EXE from running

Wow, it’s been some time since I wrote something, since I took on my new role. Thought I should pick up my “pen”, erm, rather keyboard, and start striking again.

The focal point of today’s entry in my tech diary was spurred by a question: can I block the ftp.exe program from running in Windows 7? As we all know, Windows 7 ships with ftp.exe installed. Try opening your command prompt and typing “ftp”.


If you open Task Manager at this point, you’ll notice “ftp.exe” among the many processes you have.


FTP on its own isn’t a very secure protocol. It’s been around for a very long time. Secure FTP is the preferred way of doing FTP these days. A good admin will secure all sensitive protocols with IPSec, but that is out of scope for this short write-up.

There are several ways to prevent “FTP.EXE” from being loaded. One of the most primitive ways is to delete the file. It is easy but not enforceable, because someone can simply copy the file and put it back.

To completely prevent FTP.EXE from running, enforce the restriction through Group Policy. It is the most effective way of governance across the enterprise.

Here are the steps (done locally on a Windows 7 client; you should do this via GPMC on the right domain policy):

  1. Edit the appropriate GPO and navigate to “Computer Configuration -> Windows Settings -> Security Settings -> Software Restriction Policies”.
  2. Create a new Software Restriction Policy if it isn’t already created.
  3. In the Software Restriction Policy, click on Additional Rules.
  4. Right-click Additional Rules and click on New Hash Rule.
  5. To identify the binary running ftp.exe, click on Browse and locate “C:\Windows\System32\ftp.exe”.
  6. Under Security level, select Disallowed and click OK.


At this stage, your computer has been updated with the new GPO. However, it will not take effect till the next reboot or till you run the command “gpupdate /force”.

After which, try running FTP. You should be greeted with this message


You can use this technique to prevent banned software from running. On the flip side, you could also block all software from running except for a selected few. Have fun.
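
One way to check the result of the steps above, as an added example that is not part of the original post: it lists every copy of ftp.exe with its hash, tries to start each one, and pulls the Software Restriction Policies block events from the Application log. The SysWOW64 path and the event IDs are assumptions about a standard 64-bit Windows install, not details from the post.

```powershell
# Added example (not from the original post): check an SRP hash rule for ftp.exe.
# Run from 64-bit PowerShell on the client after "gpupdate /force".

function Get-Sha256 {
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Dispose() }
}

# 1. A hash rule matches file content, not the file name or folder. List every
#    copy of ftp.exe; copies with different hashes each need their own rule.
#    (SHA-256 is used here only to tell the copies apart.)
$copies = @("$env:windir\System32\ftp.exe", "$env:windir\SysWOW64\ftp.exe") |
    Where-Object { Test-Path $_ }

$copies | ForEach-Object {
    New-Object PSObject -Property @{
        Path    = $_
        Version = (Get-Item $_).VersionInfo.FileVersion
        SHA256  = Get-Sha256 $_
    }
} | Format-List

# 2. Try to start each copy. A Disallowed rule makes process creation fail.
foreach ($file in $copies) {
    try {
        $proc = Start-Process -FilePath $file -WindowStyle Hidden -PassThru -ErrorAction Stop
        Stop-Process -Id $proc.Id -Force
        Write-Output "NOT BLOCKED: $file"
    } catch {
        Write-Output "Blocked: $file -> $($_.Exception.Message)"
    }
}

# 3. Show recent SRP block events from the Application log
#    (865 default level, 866 path rule, 867 publisher rule, 868 hash/zone rule).
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 865, 866, 867, 868 } `
        -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -like '*SoftwareRestrictionPolicies*' } |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

Because the rule is tied to one exact binary, rerun the check after Windows updates: a serviced ftp.exe has a different hash and the existing rule no longer matches it.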


High Alert! Conficker Worm Causing Panic

We have received quite a number of reports of the Conficker worm making its rounds in Malaysia. Please note that this is not isolated to Malaysia, but is widespread throughout the world. If you have been updating your machines and keeping them up to date, good on you.

Almost all anti-virus vendors are having a tough time dealing with it.

Below is some information that will help you identify, fix and resolve the problem.
Do note that detection and cleaning of the worm is already taken into account with the latest Forefront signature.

Security Bulletin

Summary, Analysis, Prevention & Recovery

Good news for ISA users: there are publicly available scripts (“block conficker.vbs”) which will block the worm at the perimeter level itself.

Please proactively monitor your environment. This may potentially be damaging on a scale similar to Blaster. Staying up to date and taking preventive steps is the best form of defense.


iMac hit by Malware

For Mac lovers who thought they’re very safe on a secure platform, think again.

I don’t wish to hit out at Mac that it’s unsecure, but I do want to bring out that Mac also needs protection. The OS itself needs protection. In fact, any operating system needs additional protection.

Windows covers almost 90% of the computers out there, making it a super hot target.
However, think again: because it’s a hot target, most attackers would have hit it relatively hard. At Microsoft, there are many initiatives and efforts to make sure Windows operating systems remain secure.

So think hard, a tested and tried OS that has constant mechanism to secure and update, versus one that has never been rigorously hit and tried. 🙂

Anyway, here’s the iMac article a fellow Windows group pal brought up.

Security Guides

Security Guidance


Microsoft Security Assessment Tool 4.0

The Microsoft Security Assessment Tool employs a holistic approach to measuring your security posture by covering topics across people, process, and technology. This revised version features an updated defense-in-depth assessment plus questions related to the evolving threat landscape. Findings are coupled with prescriptive guidance and recommended mitigation efforts, including links to more information for additional industry guidance.


IT Compliance Management Guide

The IT Compliance Management Guide can help you shift your governance, risk, and compliance (GRC) efforts from people to technology. Use its configuration guidance to help efficiently address your organization’s GRC objectives.


Microsoft Encrypting File System Assistant

The Encrypting File System (EFS) Assistant is a software tool you can use to centrally control EFS settings on your mobile or desktop PCs. The EFS Assistant can help you encrypt the sensitive files on your users’ laptops, regardless of where those files are located. Part of the Data Encryption Toolkit for Mobile PCs, a community version of the tool is also available from CodePlex at


Configuring Security in IIS 7.0

Windows Server 2008 featuring Internet Information Services 7.0 (IIS 7.0) is a powerful Web application and services platform that delivers rich Web-based experiences. Learn how to install and configure security settings for IIS 7.0, including built-in user and group accounts, URL authorization, SSL, and request filtering.


UrlScan v3.0

UrlScan version 3.1 is a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) 6.0 will process. UrlScan screens all incoming requests to the server by filtering the requests based on rules that are set by the administrator. Filtering requests helps secure the server by ensuring that only valid requests are processed.


Checklist: Securing Web Services

Part of the patterns and practices guide for "Improving Web Application Security," this checklist is designed to help developers build and secure Web services by outlining design, development, and administrative considerations.


A Guide to Securing ISA Server 2006

Get best practices for securing your servers, using the Security Configuration Wizard, and assigning administrative roles.