For security and new application requirements, more and more enterprises are now deploying servers based on the Windows Server 2008 platform, and even some individual users are using it. system. As far as the author understands, in the face of a relatively unfamiliar Server system, the administrators are most concerned about the smooth transition of the system platform and how to deploy security. The author below combines his own experience to talk about the security deployment of Windows Server 2008 from six aspects.
1, security deployment from the installation
To create a strong and secure server, you must pay attention to the security of every detail from the beginning of installation, of course, the deployment of Windows Server 2008 No exception. The new server should be installed on an isolated network to eliminate all possible channels of attack until the operating system's defenses are completed. In the initial steps of starting the installation, we will be asked to choose between FAT (File Allocation Table) and NTFS (New Technology File System). At this time, everyone must choose NTFS format for all disk drives. FAT is a relatively primitive file system that was not counted for earlier operating systems. NTFS emerged with the advent of NT, which provides security features not available in FAT, including Access Control Lists (ACLs) and File System Joumaling, file system logging for file systems. Any change. Next, we need to install the latest Service Pack (SP2) and any popular patches available. While many of the patches in the service pack are quite old, they can fix several known vulnerabilities that can cause threats, such as denial of service attacks, remote code execution, and cross-site scripting.
2. Configure security policy through SCW
After installing the system, we can sit down and do some more detailed security work. The easiest way to improve the immunity of Windows Server 2008 is to use the Server Configuration Wizard (SCW) for secure deployment. It guides us through the creation of a secure policy based on the role of the server on the network.
(1). Installation of SCW
It should be noted that SCW is different from Configure Your Server wizafd. SCW does not install server components, but monitors ports and services and configures registration and auditing settings. SCW is not installed by default, so we have to add it via the Add/Remove Programs window in the Control Panel. Select the "Add/Remove Windows Components" button and select "Security Configuration Wizard" and the installation process will start automatically. Once installed, SCW can be accessed from the Administrative Tools.
(2). Configuring Security Policy with SCW
The security policy created by SCW is in XML file format, which can be used to configure services, network security, specific registry values, and audit policies. Even if possible, you can configure IIS. The configuration interface allows you to create new security policies or edit existing ones and apply them to other servers on the network. If the policy created by an operation creates a conflict or instability, then we can roll back the operation.
It can be said that SCW covers all the basic elements of Windows Server 2008 security. Running the wizard, the first thing that comes up is the security configuration database, which contains all the roles, client functions, management options, services, and side f1. SCW also includes a broad knowledge base of application knowledge. This means that when a selected server role requires an application, client functions such as automatic updates or management applications such as backing up the Windows firewall will automatically open the required ports. The port is automatically blocked when the application is closed. Network security settings, registry protocols, and server message block (SMB) signature security add security to critical server functions. The Outbound Authentication setting determines the level of authentication required to connect to external resources.
The final step in SCW is related to the audit strategy. By default, Windows Server 2008 only audits successful activities, but for an enhanced version of the system, both successful and failed activities should be audited and logged. Once the wizard executes
, the created umbrella policy is saved in an XML and can be used by the server immediately, for later use, and even by other servers. Servers that do not perform the first step of the hardening process during server installation can also install SCW.
Previous 12 3 4 Next Read more
Normally, when we start Windows Server 2008, the operating system will automatically load all the ha
My hp3704 can not be installed win2003 (depressed for a long time, a friend only know how to install
According to Microsofts roadmap, the official version of the next-generation server operating system
A new server management console is available to simplify the task of installing, managing, and secur
How to migrate Windows 2003 to Windows 2008
Win2008 latest activation method announced [Graphic]
Add Hyper-V components to Windows Server 2008
How to install Hyper-V under Windows Server 2008 Core
Windows Server 2008 Data Security Protection
Advantages of Ribbon Software in Win8 System
Windows server 2008 R2 upgrade to windows 2012 migration Alwayson AG method
Windows Server 2008 Network Neighborhood Open Slow Solution
Windows Server 2008 R2 With SP1 Simplified Chinese version with crack patch
Win2008 IIS7 installation tutorial
Win2008 Offline File Feature Configuration Enablement The
Windows Server 2008 R2 method and precautions for modifying SID
The technique of effectively shortening the time of win10 such as program response
Win8.1 how to change the resolution
Win7 32-bit and 64-bit differences
Hidden features of Windows 8 M2 7955
Can't install Tencent QQ under Windows 8, what should I do?
Win7 typing green black arrow box reason and solution
Moving closer to Windows 8 New personalized library page
How to check the system installation time of Win10
Firefox browser teaches you how to break through the album chain restrictions