Rock Silo Cyber Security Platform by Jarvis Labs - Firewalled Appliances with an Artificial Intelligence Engine

Cyber security starts here - harden Windows servers

Updated May 15th, 2017, see #WannaCry SMB Steps below

Harden Windows servers

Windows Server 2012 has new security features, best practice wizards, and sleeker interfaces to enhance the security posture of the operating system installation. Windows Server 2008 still has a major install base, so it remains relevant to cover for server hardening as well. Most settings are similar and familiar between the two server versions.

Many of the advanced network management and security features require an Active Directory implementation to leverage fully. As with any corporate network, security is the sum of its parts, and we focus here on ensuring that Windows Server systems are properly installed and configured.

Microsoft Server 2008 and 2012 use Server Manager roles and features to configure and install server components. To open Server Manager, go to Administrative Tools -> Server Manager.
 

Figure 1:  Server 2008 Server Manager application

 

Figure 2:  Server 2012 New look Server Manager

Microsoft Server Manager gives you a good snapshot of the configured features of your server.  You can see firewall settings, registration information, roles installed, and Windows Server features that are installed and enabled.  By default a Windows server installation leaves much of this configuration for post-installation tasks.

You can also use the Programs and Features control panel applet to list installed applications.  In Windows you can use the Task Manager to view running processes, their paths, and system utilization.

Process Explorer is a Sysinternals tool now owned and supported by Microsoft. Process Explorer allows you to see processes and their respective process trees and dependencies.

 

Figure 3:  Sysinternals Process Explorer showing running processes.

 

To show disk space and utilization and to manage any disk volumes use the Disk Management feature in the Server Manager.

 

Figure 4: Windows Server 2008 Disk Management view in Server Manager application.

 

To see startup processes there are several places to check.  The msconfig utility is a good place to start.  This application gives you the running and startup services all in one convenient place.
 

Figure 5:  Msconfig application showing services and status.


 

The Windows registry contains many settings and startup options as well. Using the regedit application, you can check the following registry key for tasks that are set to run when Windows starts.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Also, the startup program menu is a good place to look for tasks that may run once a user is logged into the system. Oftentimes malware is started via this startup option out of a user's profile directory. Be sure to check both the All Users startup folder and the startup folder in each user profile directory.
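
The checks described above (the HKLM Run key, the All Users startup folder, and each profile's startup folder) can be collected in one read-only pass. This PowerShell script is an added example, not part of the original article; it assumes the default startup folder locations on Server 2008/2012 and that user profiles sit beside the Public profile (typically C:\Users).

```powershell
# Added example (not from the original article). Read-only inventory of the
# auto-start locations named above; run elevated so every profile is readable.
$runKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$entries = @()

# 1. Values under the machine-wide Run key
if (Test-Path $runKey) {
    $key = Get-Item $runKey
    foreach ($name in $key.GetValueNames()) {
        $entries += New-Object PSObject -Property @{
            Source = 'HKLM Run'; Name = $name; Command = [string]$key.GetValue($name)
        }
    }
}

# 2. All Users startup folder plus the startup folder in each profile.
#    Assumption: profiles sit beside the Public profile (typically C:\Users).
$relative    = 'Microsoft\Windows\Start Menu\Programs\Startup'
$startupDirs = @(Join-Path $env:ProgramData $relative)
$profileRoot = Split-Path $env:PUBLIC -Parent
foreach ($p in Get-ChildItem -LiteralPath $profileRoot -Force) {
    if ($p.PSIsContainer) {
        $startupDirs += Join-Path $p.FullName (Join-Path 'AppData\Roaming' $relative)
    }
}

$shell = New-Object -ComObject WScript.Shell   # used only to read .lnk targets
foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($f in Get-ChildItem -LiteralPath $dir -Force) {
        if ($f.PSIsContainer -or $f.Name -eq 'desktop.ini') { continue }
        $target = $f.FullName
        if ($f.Extension -eq '.lnk') { $target = $shell.CreateShortcut($f.FullName).TargetPath }
        $entries += New-Object PSObject -Property @{
            Source = $dir; Name = $f.Name; Command = $target
        }
    }
}

# 3. Mark anything that launches from a user-writable profile or temp path
$userPath = '\\Users\\|\\AppData\\|\\Temp\\'
$entries |
    Select-Object Source, Name, Command,
        @{ Name = 'FromUserPath'; Expression = { $_.Command -match $userPath } } |
    Sort-Object Source, Name |
    Format-Table -AutoSize -Wrap
```

Entries with FromUserPath set to True are the ones to review first, since server software normally starts from Program Files or the Windows directory rather than from a profile.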

Use the Windows Update application to configure system updates if you do not have an enterprise patch management system. From within the Windows Update applet you can set when your system runs updates and how it handles reboots. Many server systems should be manually updated, tested, and restarted during maintenance windows.

Figure 6:  Un-configured Windows updates

Figure 7: Setting for maintenance window time for automatic updates