Basic Rules Security Windows Server Auditing DNS …

1 M ay 2015 Basic Rules of Window s Ser verSecur it ySecurity News: PCI DSS v3 Im plem entation HurdleTop Tips for Windows Server Securit yUseful How-tos for Windows ServerPowerShell to Secure Windows ServerQuick Reference Guides: Windows Server AuditingDNS Auditing3M ay 2015 SysAdmin M agazine Basic Rules of Windows Server Securit yby Russell Sm ithTen Sim ple Ways t o Prevent Securit y Breaches in Windows Server 2012by Krishna Kum arPCI DSS v3's N um ber One Im plem ent at ion Hurdleby John O'Neill Sr. Windows 10 Technical Preview: N ew Securit y Feat uresby Krishna Kum arCont ent s581113 How t o Det ect Who Creat ed a Scheduled Task on Windows Server 19M ay 2015 SysAdmin M agazine Secure PowerShel Remoting Using Constrained Endpointsby Russell SmithQuick Reference Guide: Windows Server AuditingHow to Monitor Deletion of DNS Records2223 Monitoring Event Logs with PowerShellby Russell Sm ith 17 How t o Det ect Unaut horized Soft ware Inst allat ion on Windows Server - Who?

2 What ? When?15 Quick Reference Guide: Exchange Server Auditing24 Basic Rules ofWindows Server Security by Russell Smith M ay 2015 SysAdmin M agazine 3 Specializing in the m anagem ent and Security of Microsoft-based IT system s, Russell is the author of a book on Windows Security and a contributing author and Windows Server is considered to be secure out-of-the-box, like any part of your IT infrastructure, it needs to be patched, monitored and configured in an ongoing effort to ensure that it isn?t left exposed to attack. Let go through some of the tools and best practices that can help you keep Windows Server protected. M ay 2015 SysAdmin M agazine 4 Configure Baseline Securit y To keep the attack surface to a m inim um , Windows Server ?s m odular design allows you to add Server roles and features as required. Nevertheless, Windows Server is configured to provide interoperability and backwards com patibility with legacy system s out-of-the-box, and though this is convenient and m akes Windows Server easier to use, it can leave system s vulnerable.

3 Sm all businesses that have lim ited IT resources can use the Security Configuration Wizard (SCW) to lock down Windows Server . SCW is installed by default in Windows Server 2012 R2, and can be found on the Tools m enu in Server Manager. The wizard creates Security policies based on a series of questions you answer about your Server , which then can be applied to the local device, or converted to a Group Policy Object (GPO) and used to configure one or m ore servers if you have Active ?s free Security Com pliance Manager (SCM) tool com es bundled with a series of tem plates for securing Windows Server and client devices. SCM gives adm inistrators m ore control over the settings applied than SCW, and allows you to create custom Security baselines, and com pare settings between tem plates. Separat e Adm inist rat ive Dut ies and Least Privilege Securit y Virtualization technologies m ake it easier than ever to separate out Server roles, so you should m ake sure that dom ain controllers don?

4 T host other Server roles or applications, and are never used to perform everyday adm inistration tasks. Installing Server roles and applications on separate servers gives you m ore control over adm inistrative privileges, and helps to im prove Security by ensuring access to critical system s can be appropriately restricted. In a sim ilar vein, dom ain adm inistrator accounts should only be used where absolutely necessary. Using dom ain adm inistrator accounts to m anage workstations for exam ple, m akes it considerably easier for an attacker to get access to those credentials, at which point you can consider your entire Windows infrastructure owned. M onit oring and Audit ing Windows Server has built-in tools for m onitoring and Auditing , such as Event Viewer and som e handy PowerShell cm dlets. While using custom views in Event Viewer is useful for getting an overview of Server events, and PowerShell an option if you have the tim e and resources to create your own solution, the best way to ensure that Windows Server stays secure, and to m onitor configuration changes, is to deploy a third-party change Auditing solution.

5 Auditing solutions provide critical and detailed inform ation about who changed what, when and where, and includes ?before? and ?after ? configuration data so you can easily understand what has changed. Reporting features allow you to easily understand the changes that are occurring across your Windows Server estate, including applications such as Active Directory and Exchange, and in different easy-to-read form ats using pre-configured reports included with the software, so that you can get started quickly. They also go beyond the Auditing capabilities native to Windows Server to help better secure your system s by pulling inform ation from a wider variety of sources, and have extra features such as user activity video recording. Windows Server is configured to provide interoperability and backwards compatibility with legacy systems out-of-the-box, and though this is convenient and makes Windows Server easier to use, it can leave systems vulnerable.

6 Auditing solutions provide critical and detailed information about who changed what, when and where, and includes ?before? and ?after ? configuration data so you can easily understand what has Sim ple Ways to Prevent Securit y Breaches in Windows Server 2012 by Krishna KumarM ay 2015 SysAdmin M agazine 510+ years in IT Industry specializing in designing, im plem entation and adm inistration Windows Server is one of the most commonly deployed critical systems in the organization. Most of the applications used in the organization are also Windows based, plus there are other legacy applications built on these Windows platforms. Since these servers are used the most, they need to be configured with tight Security . The latest ones, Windows Server 2012 and Windows Server 2012 R2 have some great Security features and improvements to protect from Security threats and vulnerabilities. These features need to be implemented and configured to prevent against any kind of Security breaches occurring in the environment.

7 Given below are ten simple ways to prevent Security breaches in Windows Server 2012. M ay 2015 SysAdmin M agazine 61. M icrosoft Securit y Assessm ent ToolMicrosoft Security Assessm ent Tool is a free tool which helps identify and assess Security threats providing the guidelines for m inim izing risks quickly and efficiently. This single tool can run across the com plete environm ent like a PC Server , database or other heterogeneous environm ent. It has ?a set of hundred questionnaires? which helps understand the Security strategy and uses best practices to give the m ost appropriate recom m M icrosoft Securit y Baseline AnalyzerMicrosoft Security Baseline Analyzer helps scan the local and rem ote system s with eight categories of effectiveness, trustworthiness and reliability. It assists with categories such as Security , perform ance, configuration, policy and operation, pre-deploym ent, post-deploym ent and other prerequisites.

8 It scans the system for all the defined categories and searches to m atch the best practice rule specified in the Microsoft Security Baseline Analyzer. It looks into the system recom m endations with Error, Warning and Inform ation. Errors are returned when their conditions do not m atch. Warnings are returned when the conditions are m atched at 50-80% and when they are not fixed leading to the error situation. Sim ilarly, inform ation is returned when the conditions are satisfied with the best practice M icrosoft Securit y Com pliance M anagerMicrosoft Security Com pliance Manager is a great tool which helps in deploying, configuring and m anaging com puters in your environm ent using Group Policy and Microsoft System Center Configuration Manager (SCCM) with Microsoft Security Guide recom m endations and industry best practices. It allows configuring com puters running from the latest version to the legacy version of Windows Server , Windows client, Microsoft Office applications and Windows Internet Act ive Direct ory Right s M anagem ent (AD RM S)Active Directory Rights Managem ent can be im planted to protect the docum ents, presentations, workbooks and other sensitive inform ation from being forwarded, copied, and printed; also, it protects data from leaking.

9 Docum ents are protected using Inform ation Rights Managem ent, perm issions are provided down to file level and these perm ission are stored in the file itself. Hence, no m atter where, when and how a file is been stored and accessed, the appropriate perm ission restrictions are applied to the ApplockerApplocker prevents users from installing and using any unauthorized / unlicensed / outdated applications on the servers to avoid huge dam age to the perform ance and Security of the application and save huge am ount of adm inistrator ?s efforts on fixing. Protecting these applications reduces Security risks and increases perform Auditing allows the administrator to monitor various activities on the servers such as user activities, forensic analysis, regulator, compliance, troubleshooting, etc. through audit Security Assessment Tool has ?a set of hundred questionnaires? which helps understand the Security strategy and uses best practices to give the most appropriate ay 2015 SysAdmin M agazine 76.

10 Bit lockerBitlocker is a built-in feature to provide full disk encryption and protect against any kind of disk or rem ovable devices data theft. Disk failures are inevitable, but you can extract data from a failed disk. Hence, it is highly recom m ended to im plem ent Bitlocker and use it on servers which have sensitive inform ation. Bitlocker can be im plem ented on both physical and ? with som e additional configuration ? virtual m achines. 7. Securit y Audit ingSecurity Auditing allows the adm inistrator to m onitor various activities on the servers such as user activities, forensic analysis, regulator, com pliance, troubleshooting, etc. through audit logs. Audit log helps m onitoring any unusual activities or intruder attem pts to gain access. Other forensic attem pts are also logged, which allows adm inistrators to take action im m ediately. These Auditing logs can be kept for a while, until you need to analyze som e abnorm al user activity in the Sm art CardsWith the increased num ber of internet application and cloud-based system s, Sm art cards help im plem ent a two-factor authentication using the personal identification num ber (PIN).