The Windows Server 2003 Security Guide page contains:
Security Guide Overview
Feedback to Solution Team
Updated April 23rd, 2003
The Windows Server 2003 Security Guide focuses on providing a set of easy-to-understand guidance, tools, and templates to help secure Windows Server 2003 in many environments. While the product is extremely secure from the default installation, there are a number of security options that can be further configured based on specific requirements. This guidance provides not only recommendations, but also background information on the risk that each setting is used to mitigate, as well as the impact to an environment when the option is configured.
The material explains the different requirements to secure three distinct environments, as well as what each prescribed server setting addresses in terms of client dependencies. The three environments considered are called Legacy Client, Enterprise Client, and High Security.
The content for this guidance is broken into several different guides to ease usability. These include the Security Guide, a Companion Guide called Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP, a test guide, a delivery guide, and a support guide.
The Windows Server 2003 Security Guide consists of 12 chapters. Each chapter builds on the end-to-end process required to implement and secure Windows Server 2003 in your environment. The first few chapters describe building the foundation for hardening the servers in your organization; the remaining chapters document the procedures unique to each server role.
This chapter introduces the Windows Server 2003 Security Guide, and includes a brief overview of each chapter.
This chapter explains how the domain environment will be constructed as a baseline in order to provide guidance to secure a Windows Server 2003 infrastructure. The chapter first focuses on domain-level security settings and countermeasures. High-level descriptions of the Microsoft Active Directory® service design, the organizational unit (OU) design, and domain policy are included.
This chapter explains security template settings and additional countermeasures for the server roles covered in the guide in all three environments. The chapter largely focuses on establishing a baseline for the server role hardening recommendations discussed later in the guide.
The domain controller server role is one of the most important roles to secure in any Windows Server 2003 Active Directory environment. This chapter is devoted to explaining the security considerations behind the recommended Domain Controller Group Policy.
In this chapter, the Infrastructure server role is defined as either a Dynamic Host Configuration Protocol (DHCP) server or a Windows Internet Name Service (WINS) server. Details are provided on the areas in which the Infrastructure servers in your environment can benefit from security settings that are not applied by the Member Server Baseline Policy (MSBP).
This chapter focuses on the File server role and the difficulties related to hardening servers designated for it. This chapter details any areas in which File servers can benefit from security settings not applied by the Member Server Baseline Policy (MSBP).
Print servers are the focus of this chapter. Again, the most essential services for these servers require use of Windows NetBIOS-related protocols. This chapter details the areas in which Print server security settings can be strengthened in ways that are not applied by the Member Server Baseline Policy (MSBP).
Sections in this chapter provide the detail on a variety of security hardening settings that should be implemented to enhance the security of IIS servers in your environment. The importance of security monitoring, detection, and response is emphasized to ensure that these servers stay secure.
Internet Authentication Servers (IAS) provide RADIUS services, a standards-based authentication protocol designed for verifying the identity of clients accessing networks remotely. This chapter details any areas in which IAS Servers can benefit from security settings not applied by the Member Server Baseline Policy (MSBP).
Certificate Services provide the cryptographic and certificate management services needed to build a public key infrastructure (PKI) in your server environment. This chapter details any areas in which Certificate Services servers will benefit from security settings not applied by the Member Server Baseline Policy (MSBP).
Bastion hosts are servers that are accessible to clients from the Internet. Details are provided on any areas in which Bastion Hosts can benefit from security settings not applied by the Member Server Baseline Policy (MSBP), or the methods used to apply those settings in an Active Directory-based domain environment.
The concluding chapter of this guide recaps the important points of the material in a brief overview of everything discussed in the previous chapters.
The purpose of this guide is to provide a reference to many of the security settings available in the current versions of the Microsoft® Windows® operating systems. This is a companion guide for the Windows Server 2003 Security Guide.
For each setting discussed in this guide, information is provided regarding the threat that the setting was designed to prevent, the different countermeasures that can be applied, and the potential impact of configuring these options.
This document enables an organization implementing the Windows Server 2003 Security Guide to test its implementation of the solution. The actual experience of the Windows Server 2003 Security Guide Test Team is captured in this document.
This document describes the Scope, Objectives, and Strategy used for testing the Windows Server 2003 Security Guide. The Test environment, Test case details, Release Criteria, and Test Results are included in this document.
This Guide provides general information intended for business planners, IT architects, or project managers regarding recommended methodologies for implementing this solution, as well as the tasks necessary to deploy this solution and the types of resources, skill-sets, and probable costs required. This information will be delivered via pointers to general solution frameworks as well as tools delivered specifically for the Securing solution.
The audience for this document is delivery teams who are implementing the Windows Server 2003 Security Guide and customers who are supporting and maintaining the solution.
The document is designed to provide information about how the software components in the solution are supported, including escalation paths, support offerings and resources, and support levels.