Server Hardening and Clients - Computer Science Essay Example

It is a commonly agreed fact that no single security measure is effective in preventing all types of attacks on systems. Subsequently, measures such as those advocated by concepts such as defense in depth are applied to mitigate potential security threats. In the context of server security, when defense in depth is applied, it will involve measures such as making different security polices of each network layer. The server is next to the last pillar of security between sensitive data and potential threats to a system and therefore creating customized security profiles for each server profile is not only important but also necessary.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

One of the approaches to server security is stopping all unnecessary services and unused features. Based on this assertion, new windows versions are developed with more security by default. With the possibility of having multiple roles on the network server, it is important to that the servers are designed with the best security practices considering their different attributes. The Security Configuration Wizard has been included in versions of Windows Server 2003 Service Pack 1 (SP1) and later versions and is aimed at evaluating the server profile and proposing changes to enhance the security of the server (Minasi et al., 2013). For Windows Server 2012, the new Server Manager dashboard hosts the Security Configuration Wizard. As observed in the screenshot below.

The first step when utilizing the Security Configuration Wizard is to define the action that needs to be taken. Not only can the feature enable one to develop a new policy, but also make changes to the new policy, and delete a currently existing policy from the existing server configuration.

In the Windows Server 2012 environment, after selecting the desired server, the Security Configuration Wizard then parses the selected server and the information collected, and compares that with Microsofts security recommendations for that server profile.

After the Security Configuration Wizard makes its analysis, it provides recommendations that can be used to make alterations to the existing structure to suit a particular need. Following its recommendations, the Security Configuration Wizard provides options to either save or apply the policy. In most instances, the wizard will analyze more than one profile in the server, it would be best to create a Group Policy Object (GPO) that would be used on all servers with similar characteristics. This can be done using Windows PowerShell. As a result, there is improved standardization in security policy and it is easier to implement the policies as a part of general server security approach. It is also important to close unnecessary ports and disable unnecessary services.

Security Configuration and Automation in Microsoft Windows Server 2012 r2

Security configuration is an essential aspect of the overall security strategy for the overall information security in an organization. First, it is important to set up a USB 3.0 stick that has the Server 2012 R2 installation image and an XML file built by Windows System Image Manager (WSIM) (Stanek, 2013). The WSIM is contained in a free download in the Automation and Deployment Kit (ADK). The WSIM avails a graphical user interface that enables the user to answer in advance questions related to the system that is to be built. The answers range from product key to disk layout to killing the functionality of Internet Explorers (IEs) Enhanced Security Configuration.

When the above mentioned process is completed, the user then commands WSIM to retrieve a file named autounattend.xml. the file is then copied to the root of the USB installation disk.

Commands in the autounaattend.xml will be read by Windows Setup and executed. Reason for using the USB stick is that they are fast especially the USB3.0.

Dump the tunnel Adapters and Change IPv6

The IPConfig commands list a lot of details when executed. To reduce this we can use the following commands:

Set-NetTeredoConfiguration -Type DisabledSet-NetIsatapConfiguration -State DisabledSet-Net6to4Configuration -State Disabled

For organizations that use IPv6 and depend on the Toredo, Intrasite Automatic Tunnel Addressing Protocol(ISATAP) or the 6to4 transition technology leave them on.

To undo the above commands, in place of Disabled use default. If you choose to use IPV6-less, you can use the following command:

Set-NetAdapterBinding -name <NIC name> -DisplayName "Internet Protocol Version 6 (TCP/IPv6)" -Enabled:$false

In the case where you are building a server on simple hardware with only one NIC, the command would be as follows:

Set-NetAdapterBinding -name Ethernet -DisplayName "Internet Protocol Version 6 (TCP/IPv6)" -Enabled:$false

You could also choose to do away with the long DisplayName values and use ComponentID:

Set-NetAdapterBinding -name Ethernet -ComponentID ms_tcpip6

In case you want to know the DisplayName and ComponentID values found in your NIC input the following command:

Get-NetAdapterBinding | select InterfaceAlias,DisplayName,ComponentID | OGV

Set Up Your Server TCP/IP and DNS Settings

For servers to work they require static IP addresses and setting them up can be quite hard. However PowerShell simplifies this through the New-NetIPAddress and Set-DNSClientServerAddress cmdlets. They are quite long but are far better than the Netsh commands. The New-NetIpAddress looks like:

New-NetIPAddress -interfacealias <NICname> -IPAddress <address> -DefaultGateway <address> -PrefixLength <nn>

An example of the above command is shown below:

New-NetIPAddress -InterfaceAlias Ethernet -IPAddress 192.25.25.7 -DefaultGateway 192.25.25.7 -PrefixLength 24

The number of 1s in the subnet mask are fetched using the command PrefixLength. This uses shorter Classless Inter-Doman Routing(CIDR) to describe an IPv4 subnet mask, such as 255.255.255.0.

The command for setting a static DNS server address is; DNSClientServerAddress. The command also states which NIC to use and the IP address used by the DNS server. The command is written as shown below.

Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 10.30.30.7

In case you want a system to revert to finding a DNS server via DHCP, use the ResetServerAddress command. It is used as shown below.

Set-DnsClientServerAddress -InterfaceAlias Ethernet -ResetServerAddresses

Security tools to administer in Microsoft windows Server 2012 r2

There are several tools used to administer security in Microsoft Windows Server 2012 r2. These tools are subdivided into the following categories:

Tools that manage access to network resources. These are security tools that monitor and manage files and folders that are protected by the Access Control Lists (Stanek, 2013). Example of tools found under this category include the following:

lcacls(LH): this is a Windows command-line tool that is used to display and modify discretionary access control lists on certain files that are stored in specified directories.

Dsacls(LH): this is also a Windows command-line tool. Its work is to display perform changes to permissions in the Access Control Lists of objects in the Active Directory Domain Service.

Get-Acl: unlike the first two this is a Windows PowerShell cmdlet. It is used to fetch the security descriptor for network resources.

ShareEnum: this is a Sysinternals utility. It is responsible for scanning files shared on a network and it also checks how secure they are and the security settings put on them.

Tools that manage security auditing and auditing logs: these tools are used to analyse and monitor computer and network activities. They configure logging of events, manage event logs and entries made of log events. Examples of tools under this category include:

Clear-Eventlog: a Windows PowerShell cmdlet that is used to delete log entries of specified entries. The log entries can be on a local computer or a remote one.

Get-Event: like the one above this is also a Windows PowerShell cmdlet that is used to fetch events that are queued in the event.

Get-EventLog: a Windows PowerShell cmdlet that is almost the same to the previous one but this one fetches an event in a specified event log or in a list of event logs.

New-Event: this is also a Windows PowerShell cmdlet that is used to create a new event.

New-EventLog: this is also a Windows PowerShell cmdlet. It is responsible for creating a new event log and a source to go with it either on a local or remote computer.

Tools that manage user accounts, groups and credentials. These tools manage user identities and the processes those users use for logon and authentication. These tasks are in most cases repetitive. Under this category, we have the following tools:

Whoami(LH): this is a Windows command-line tool. It is used to show the user or group currently logged on to the network and show the privileges that they all have.

Cmdkey(LH): a Windows command-line tool that is used to create, list and delete user credentials such as user names and passwords.

Get-Credential: a Windows PowerShell cmdlet that fetches a user credentials that are based on the users name or password.

Get-AuthenticodeSignature: a Windows PowerShell cmdlet that acquires information about the authentication code signature found in a file.

LogonSessions: this is Sysinternals utility that list all active logon sessions that are currently on the network.

Tools that manage certificates and encryption. Example of tools that are found under this category include:

CertReq[WS212]: this is a Windows command-line tool. It is responsible for a few activities such as: requesting for certificates from the Certification Authority(CA), retrieve a response to a previous request from the CA, create a new request from the .inf file, accept and come up with a response to a request and many more.

Cipher: also, a Windows command-line tool that is used to display or perform changes to how directories are encrypted and files.

Get-PfxCErtificate: this unlike the first two is a Windows PowerShell cmdlet that fetches details on .pfx certificate files.

Certificate Provider: a Windows PowerShell provide that enables network managers to go through the certificate namespace and see the different certificate stores and the certificates themselves (Tulloch & team, 2013).

The last tool category that I will discuss is used to manage the Certification Authority and other Active Directory Certificate Services tasks (AD CS). AD CS are used to issue and manage certificates. The following tool is used to manage CA and AC DS tasks:

CertUtil[W2012]: a Windows command-line tool that collects and displays the configuration details of the CA and configures the AD CS. It also creates a backup for CA components, restore them and verify their certificates. Also display information on key pairs and certification paths.

CIS FRAMEWORK

CIS stands for Centre for Internet Security. This is an organisation that look into improving cyber security with regards to how ready an organization is to cope with a cyber-attack and what measures are put in place to respond to cyber-attacks both in the public and private sectors. It provides principles in a collaboration and partnership type of way to enhance cyber security. This framework ensures that measures put in place for cyber-security are cost-effective, cross-sector and consensus based.

AUTOMATION WITH POWERSHELL

PowerShell is quite a powerful language that is used to write and execute scripts. PowerShell scripts help add logic required to complete complex jobs. PowerShell cmdlets can be used to accomplish a lot of the work that is normally...