Showing posts with label Windows Server Security. Show all posts

Wednesday, May 13, 2009

How to Extract IDs and Security Policy from Windows Servers?

Windows server security is a main concern because the server is the heart of a small business, so it is worth providing good server security and reviewing all server security settings within a short span of time.

Check the password policy set in the Windows operating system, i.e. whether a password is required, whether passwords expire, and the minimum password length. Weak passwords, or IDs without passwords, are an open invitation for an intruder to break into your computer systems.

Step 1: How to extract IDs and security policies from the Windows server.

a) I use a neat free tool called Somarsoft ACL.

b) Install the tool and run the DumpSec program.

c) Extract the permissions of users, groups, the file system and the registry, the password policy, and any other information you find useful.

Step 2: Cross-check the IDs with the administrator.

a) Once you have extracted this information, cross-check with the administrator whether all the IDs and the password policy extracted by the tool are valid and necessary.

b) Delete or disable the unnecessary IDs and enforce a stronger password policy.

c) Further ensure that only IDs that are absolutely required are active, and enforce a strong password policy using Windows Active Directory, e.g. complex alphanumeric passwords and 180-day password expiration. As for PCs, make sure the administrator password is changed and known only to yourself or the office administrator.

d) Everyone else should use basic IDs.

e) Activate a password for the screen saver so it locks the PC screen when there is no activity for, say, 10 minutes.

f) Educate all users on the importance of computer security.

g) One of the reminders I usually highlight is do not share passwords and do not stick the password in front of the computer monitor for all to view.
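The policy review in Step 1 and Step 2 can be automated. The following is an added example, not part of the original post and not Somarsoft's tool: it assumes the local policy was captured with the `net accounts` command (its output format is shown as a constructed sample), parses it, and reports the two conditions the post calls out, blank passwords allowed and passwords that never expire or expire later than the post's 180 days; the minimum length of 8 is an assumed threshold, since the post gives none.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of `net accounts` output (assumption: `net accounts` is the
# command used to read the local password policy). Values are made up to show a
# weak configuration: blank passwords allowed and no expiration.
SAMPLE_NET_ACCOUNTS = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          Unlimited
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        SERVER
The command completed successfully.
"""

# One "setting:   value" line; the key ends at the first colon that is
# followed by the column padding.
_LINE = re.compile(r"^(?P<key>.+?):\s{2,}(?P<value>\S.*?)\s*$")


def parse_net_accounts(text: str) -> Dict[str, str]:
    """Turn the two-column `net accounts` listing into a dict of setting -> value."""
    policy: Dict[str, str] = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            policy[m.group("key").strip()] = m.group("value")
    return policy


def _as_int(value: Optional[str]) -> Optional[int]:
    """'Never', 'None' and 'Unlimited' all mean 'no limit'; return None for them."""
    if value is None or value.strip().lower() in ("never", "none", "unlimited"):
        return None
    return int(value)


def evaluate_policy(policy: Dict[str, str],
                    max_age_days: int = 180,
                    min_length: int = 8) -> List[str]:
    """Compare the parsed policy against the post's recommendations.

    max_age_days=180 is the expiration the post suggests; min_length=8 is an
    assumed threshold, since the post only asks for a "minimum password length".
    """
    findings: List[str] = []

    length = _as_int(policy.get("Minimum password length", "0"))
    if length == 0:
        findings.append("blank passwords are allowed (Minimum password length is 0)")
    elif length is not None and length < min_length:
        findings.append(f"Minimum password length {length} is below {min_length}")

    max_age = _as_int(policy.get("Maximum password age (days)"))
    if max_age is None:
        findings.append("passwords never expire (Maximum password age is Unlimited)")
    elif max_age > max_age_days:
        findings.append(f"Maximum password age {max_age} days exceeds {max_age_days}")

    return findings


if __name__ == "__main__":
    # On a real server, feed in subprocess.check_output(["net", "accounts"], text=True)
    # instead of the constructed sample.
    for finding in evaluate_policy(parse_net_accounts(SAMPLE_NET_ACCOUNTS)):
        print("FINDING:", finding)
```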

Source: Ezine

Thursday, March 12, 2009

Microsoft Fixed Windows 7 Holes with Security Updates

Microsoft stated that the critical fix was for just about every version of Windows, including Windows 2000, XP, Vista, Server 2003 and Server 2008. However, the software giant failed to mention that the update also was intended for Windows 7 under its "Affected Software" heading.

Microsoft did, however, mention that the update affected Windows 7 under the "Frequently Asked Questions" section. In addition to Windows 7, the patch repaired critical flaws in Windows Server 2008 Service Pack 2 Beta and Windows Vista Service Pack 2 Beta.

Altogether, the patch bundle resolved a total of four image vulnerabilities in the Windows kernel, the most serious of which could allow hackers to install malicious code on users' computers without any user intervention by enticing a victim to view a maliciously crafted EMF or WMF image file. The user could then download a Trojan or other piece of malware that would enable hackers to take complete control of the machine and steal sensitive data. Other vulnerabilities repaired by the update could leave the user susceptible to a denial of service attack.

Microsoft's March security update addressed two other security flaws, both deemed "important," that could allow hackers to spoof Web sites in identity theft schemes.

One of the flaws, occurring in the Windows DNS server and the Windows WINS server, could allow a remote attacker to redirect Web traffic to his or her own malicious Web site. Once users opened the maliciously crafted page, attackers could then entice users to submit sensitive password, credit card or bank account information for identity theft activities. Hackers also could infuse the page with malware designed to record keystrokes and steal information, security experts said.

The other "important" fix repaired a bug in the Windows Secure Channel security package that could allow miscreants to spoof a Web site by gaining access to the authentication credentials utilized by the end user.


Source: http://www.crn.com/security/215801984

Friday, December 5, 2008

Windows Vista Service Pack 2 beta ISO

Windows Vista Service Pack 2 (SP2) Beta is an update to Windows Vista and Windows Server 2008. It provides customer and partner feedback driven fixes into a single service pack, minimizing deployment and testing complexity. In addition to all previously released updates, SP2 will contain changes focused on addressing reliability and performance issues, supporting new types of hardware, and adding server support for several emerging standards.

Windows Vista SP2 Beta applies to individuals, organizations, and technical enthusiasts who are comfortable evaluating pre-release software. This pre-release software is provided for testing only. We do not recommend installing this software on primary or mission-critical systems. Installation of Service Pack 2 Beta will result in Microsoft collecting information about the installation process, even if the installation is not completed. We recommend that you have a backup of your data before you install any pre-release software.

SP2 is an update to Windows Vista and Windows Server 2008 that addresses feedback from our customers and partners. By providing these fixes integrated into a single service pack, Microsoft provides a single high-quality update that minimizes deployment and testing complexity for customers.

In addition to all previously released updates, SP2 will contain changes focused on addressing reliability and performance issues, supporting new kinds of hardware, and adding support for several emerging standards. SP2 will also continue to make it easier for IT administrators to deploy and manage large installations of Windows Vista and Windows Server 2008. Service Pack 1 is a prerequisite for installing Service Pack 2. Please make sure that your system is running Service Pack 1 before you install Service Pack 2.

Via:vnunet.com/vnunet/downloads/2232050/windows-vista-sp2

Wednesday, November 26, 2008

Planning for Print Server Security

Planning for print server security is vital in order to protect your organization’s resources. As with any production server, you need to protect the physical print server and safeguard access to data stored on the server. Consequently, your security plan must address three areas:
  • Physical location
  • Group Policy settings
  • Printer permissions
Ensuring the Physical Security of Each Print Server

Locate your print servers in a physically secure location that only designated individuals can access. Allowing unauthorized access to your print servers risks harm to the system. In addition, consider to what extent you also need to restrict physical access to network hardware. The details of implementing these security measures depend on your physical facilities as well as your organization’s structure and policies.

Securing the Print Environment

Windows Server 2003 adds new Group Policy settings that affect how clients connect to print servers on the network. Two of these policy settings are particularly useful for security.

Allow print spooler to accept client connections: This Group Policy setting, which is configured on the server, determines how clients access the print server over the network. If an individual with administrative credentials creates shared printers for use by managed clients, the spooler automatically allows connections upon creation of the first shared printer. If a virtual spooler resource is created on a clustered server, the spooler likewise automatically allows connections. If no shared printers or virtual spooler resources already exist, you might need to enable this policy setting by using the Computer Management snap-in from a remote computer. To administer print services on a server running Windows Server 2003, log on to the server locally, or log on remotely through a Remote Desktop session.

Point and Print restrictions: This Group Policy setting, which is configured on client computers, determines the print servers to which the client can connect. To provide a higher level of security for managed workstations, this policy setting controls a client computer’s ability to connect to and install a printer driver from specified print servers. By default, managed clients can use Point and Print only with servers that are within their forest. An administrator can use this policy to add additional servers to the list of trusted print servers. Alternatively, administrators can disable this policy to enable managed clients to connect to any accessible print server and install a printer driver from it.

Using Printer Permissions to Control Access to Shared Printers

Even if the physical server is in a secure room, the print server might still be accessible through remote administration tools. Therefore, you need to implement methods for restricting access to remote administration of print servers. You can restrict access to a print server by setting printer permissions.

Source: /technet.microsoft.com/en-us/library/cc780641.aspx

Thursday, November 20, 2008

Security Improvements for Windows Server 2008

While fundamentally changing the design of the operating system, the Windows Server 2008 team has also included several features designed to eliminate security breaches and malware infestations, as well as capabilities meant to protect corporate data from leakage and interception. Let's take a look at some of the improvements.

Operating System File Protection

A new feature currently known as operating system file protection ensures the integrity of the boot process for your servers. Windows Server 2008 creates a validation key based on the kernel file in use, a specific hardware abstraction layer (HAL) for your system, and drivers that start at boot time. If, at any subsequent boot after this key is created, these files change, the operating system will know and halt the boot process so you can repair the problem.

Operating system file protection also extends to each binary image that resides on the disk drive. OS file protection in this mode consists of a filesystem filter driver that reads every page that is loaded into memory, checking its hashes, and validating any image that attempts to load itself into a protected process (processes that are often the most sensitive to elevation attacks). These hashes are stored in a specific system catalog, or in an X.509 certificate embedded within a secure file on the drive. If any of these tests result in failure, OS file protection will halt the process to keep your machine secure. This is active protection against problematic malware.

BitLocker

The need for drive encryption has been a popular topic in a lot of security channels lately, and in both Windows Vista and Windows Server 2008 Microsoft has risen to the call by developing a feature called BitLocker. BitLocker is designed especially for scenarios where a thief may gain physical access to a hard drive. Without encryption, the hacker could simply boot another operating system or run a hacking tool and access files, completely bypassing the NTFS filesystem permissions. The Encrypting File System in Windows 2000 Server and Windows Server 2003 went a step farther, actually scrambling bits on the drive, but the keys to decrypt the files weren't as protected as they should have been. With BitLocker, the keys are stored within either a Trusted Platform Module (TPM) chip on board your system, or a USB flash drive that you insert upon boot up.

BitLocker is certainly complete: when enabled, the feature encrypts the entire Windows volume including both user data and system files, the hibernation file, the page file, and temporary files. The boot process itself is also protected by BitLocker—the feature creates a hash based on the properties of individual boot files, so if one is modified and replaced by, for example, a Trojan file, BitLocker will catch the problem and prevent the boot. It's definitely a step up from the limitations of EFS, and a significant improvement to system security over unencrypted drives.

Device Installation Control

Another security problem plaguing businesses everywhere is the proliferation of the USB thumb drive. No matter how securely you set your permissions on your file servers, no matter how finely tuned your document destruction capabilities are, and no matter what sort of internal controls you have on "eyes-only" documentation, a user can simply pop a thumb drive into any open USB port and copy data over, completely bypassing your physical security. These drives often contain very sensitive information that ideally should never leave the corporate campus, but they're just as often found on keychains that are lost, inside computer bags left unattended in an airport lounge, or in some equally dangerous location. The problem is significant enough that some businesses have taken to disabling USB ports by pouring hot glue into the actual ports. Effective, certainly, but also messy.

In Windows Server 2008, an administrator will have the ability to block all new device installs, including USB thumb drives, external hard drives, and other new devices. You can simply deploy a machine and allow no new devices to be installed. You'll also be able to set exceptions based on device class or device ID—for example, to allow keyboards and mice to be added, but nothing else. Or, you can allow specific device IDs, in case you've approved a certain brand of product to be installed, but no others. This is all configurable via Group Policy, and these policies are set at the computer level.

Windows Firewall with Advanced Security

The Windows Firewall version included with Windows Server 2003 Service Pack 1 was exactly the same as that included in Windows XP Service Pack 2. Microsoft bundled that firewall with Service Pack 1 as a stopgap measure—deploy this firewall now, Microsoft said, so you will be protected, and we will work to improve the firewall in the next version of Windows.

The new Windows Firewall with Advanced Security combines firewall and IPsec management into one convenient MMC snap-in. The firewall engine itself has been rearchitected to reduce coordination overhead between filtering and IPsec. More rules functionality has been enabled, and you can specify explicit security requirements such as authentication and encryption very easily. Settings can be configured on a per-AD computer or user group basis. Outbound filtering has been enabled; there was nothing but internal filtering in the previous version of Windows Firewall. And finally, profile support has been improved as well—on a per-computer basis, there is now a profile for when a machine is connected to a domain, a profile for a private network connection, and a profile for a public network connection, such as a wireless hotspot. Policies can be imported and exported easily, making management of multiple computers' firewall configuration consistent and simple.

Network Access Protection

Viruses and malware are often stopped by software defenses before they can run within a user's session, but the ultimate protection would be if they never even got access to the network. In Windows Server 2008, Microsoft has created a platform whereby computers are examined against a baseline set by the administrator, and if a machine doesn't stack up in any way against that baseline, that system can be prevented from accessing the network—quarantined, as it were, from the healthy systems until the user is able to fix his broken machine. This functionality is called Network Access Protection.

NAP can be broken down into three key components:

  • Health policy validation
  • Health policy compliance
  • Limited access

Source:computingtech.blogspot.com/2008/05/windows-server-2008-security.html

Friday, October 31, 2008

10 Important Steps to Secure Server

Sometimes your server is compromised but the actions taken by the attacker do not affect your server's functionality, so you may never find out that your machine was compromised.

So it is good to check your server security from time to time, to see whether any strange activities or processes are present on your system.

Following are the ways to secure your server:

1) Use a Firewall

Make absolutely sure that your server has a firewall running all the time. A firewall is like a screen door to your porch. It blocks out flies, rodents and other pests but you can still walk out and use your BBQ. If someone ever were to get into your server, which is very very likely, the first thing they're going to try and do is upload something to start a daemon or their own service like an IRC server or use a port to launch attacks to other systems. A firewall with egress and ingress protection can stop both incoming and outgoing attacks even when you're not aware of it. We recommend using APF on Linux systems or TinyFirewall on Windows Servers. These are software firewalls so there's no extra monthly cost like a hardware firewall. For very busy systems a hardware firewall is recommended so it takes the burden off your system CPU/RAM and resources to do the work.

2) Update your kernel and OS

Make sure your server is using current, updated software. Use the stable version which has been tested more than any beta and update as soon as possible. An old kernel can lead to an easy target for your server. If you're not sure then ask your provider for the latest update.

3) Monitor Logs

Do you know which logs record which activities? How often are they updated and rotated? LogWatch is a great tool that emails you daily reports of anything in your system's activity that it determines to be unusual, e.g. repeated failed logins. Besides using this, you should check your logs manually to see what's up: run tail -f /var/log/messages and view your Apache logs as well. See also: Apache Log Files Explained.

4) Backups

I still don't understand why no one backs up their data. If you spend hundreds of hours working on your website or application, then you absolutely must have a second hard drive for backups, use a remote backup system, or a combination of these. See also: Second Hard Drive Means Life or Death.

5) Limit Access to a Minimum

Do not give users more access than the absolute minimum they require. Never give them shell access, restrict file access to a bare minimum, and leave other services turned off by default until they are specifically requested and you determine that it's safe to enable them.

6) Lock down PHP and use Mod_Security with Apache

PHP is actually a large security risk, but there are a few things you can do to help lock it down. CGI has suEXEC, which helps run processes as the user, and PHP has something similar called PHPSuexec, but there are a few downsides. You should also use open_basedir protection, have safe_mode on system-wide, and turn off register_globals, enable_dl and allow_url_fopen to help lock things down further.

You can use server-wide protection with mod_security, a web server filter that watches all requests to see if they match a rule and reacts by logging, denying the request, or invoking other programs. I highly recommend this on Apache-based servers; it can be extremely useful in blocking attacks and stopping hackers before they do any damage. See also: Securing Safe Mode, Installing Mod_Security.

7) Lock /tmp /var/tmp and /dev/shm partitions

On Linux each partition can have certain access restrictions. Since /tmp, /var/tmp and /dev/shm are world-writable directories, they are often home to uploads, session storage and hacker executables. Since anyone can read, write and execute anything in these directories, they are a major security concern. With /etc/fstab, however, you can limit what can be done in these locations. If you see "defaults" in the options of the /tmp line, remove it and replace it with noexec,nosuid; this will stop any executables from being run there. Do the same for /dev/shm, and make /var/tmp a shortcut (symbolic link) to /tmp. See also: Securing Your TMP Partition.

8) Intrusion Detection System (IDS)

An intrusion detection system, or IDS, is like a burglar alarm on your server. It keeps a record of which files were changed and when, and alerts you to anything new or altered. This is critical because hackers usually try to replace binaries like ps, top, netstat and others, so that when you run the new version of ps or top to see the running processes, it actually HIDES their software: even though it is running, it won't show up. Some IDS systems include Tripwire, Snort and AIDE. See also: Installing Chkrootkit.

9) Review Processes Running and Remove Extra Software

You can't protect a system if you don't know what's on it. If a hacker adds an extra process, you would see it in ps, but you wouldn't notice it if you didn't know what should normally be there. Know what runs on your system, why, and under which user. How does Perl or Apache run, and under which user? You can usually check your processes with top or ps auxfww, which gives you a tree view. Check these every time you log in to your server. See also: Getting Started with Shell (SSH), Common Shell Commands.

10) Keep an Eye on the Server's Performance

Know what speed your server runs at and how much bandwidth it uses on a daily basis. If an attacker compromises your system without your knowledge, you'll probably notice the system responding slowly or using a lot of bandwidth. If you don't know what your system is usually like, how will you notice something out of the ordinary?
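Step 7 above (replacing "defaults" with noexec,nosuid on /tmp, /var/tmp and /dev/shm) is easy to get wrong by hand across many hosts. The following is an added example, not part of the original article: it checks a constructed /etc/fstab sample for those three mount points, reports which of the two options each is missing, and writes the corrected lines, leaving every other line untouched.

```python
from typing import Dict, List, Tuple

# Constructed /etc/fstab sample (not from a real host): /tmp and /dev/shm still
# use "defaults", and /var/tmp is a separate partition that lacks nosuid.
SAMPLE_FSTAB = """\
# <file system> <mount point> <type>  <options>                  <dump> <pass>
UUID=1111-2222  /             ext3    defaults,errors=remount-ro 0      1
/dev/sda3       /tmp          ext3    defaults                   0      2
tmpfs           /dev/shm      tmpfs   defaults                   0      0
/dev/sda4       /var/tmp      ext3    rw,noexec                  0      2
"""

# The world-writable mount points the article names, and the options it asks for.
WORLD_WRITABLE = ("/tmp", "/var/tmp", "/dev/shm")
REQUIRED_OPTS = ("noexec", "nosuid")


def harden_fstab(text: str) -> Tuple[str, Dict[str, List[str]]]:
    """Return (rewritten fstab text, {mount point: options that were missing}).

    Comments, blank lines and entries for other mount points pass through
    unchanged. On the targeted lines "defaults" is dropped, as the article
    advises, and whichever of noexec/nosuid is absent gets appended.
    """
    out_lines: List[str] = []
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        fields = line.split()
        is_comment = line.lstrip().startswith("#")
        if is_comment or len(fields) < 4 or fields[1] not in WORLD_WRITABLE:
            out_lines.append(line)
            continue
        opts = [o for o in fields[3].split(",") if o != "defaults"]
        missing = [o for o in REQUIRED_OPTS if o not in opts]
        if missing:
            findings[fields[1]] = missing
            opts.extend(missing)
        # Column alignment is cosmetic; mount(8) only needs whitespace separation.
        fields[3] = ",".join(opts)
        out_lines.append(" ".join(fields))
    return "\n".join(out_lines) + "\n", findings


if __name__ == "__main__":
    # On a real host read open("/etc/fstab").read() instead of the sample.
    hardened, missing_by_mount = harden_fstab(SAMPLE_FSTAB)
    for mount_point, opts in missing_by_mount.items():
        print(f"{mount_point}: missing {','.join(opts)}")
    print(hardened)
```

After writing the corrected file, the new options only take effect on the next mount, so run mount -o remount on each affected mount point to apply them immediately.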

Via: webhostgear.com/314.html

Wednesday, August 6, 2008

Google's Send Mail Server Security Certificate Expires

It appears that Google's Gmail SMTP (send mail) server might have let its secure certificate expire. I personally just got notified that the smtp.gmail.com server was not secure, due to the certificate expiring. Here is a screen capture:

So, it seems like it expired just minutes ago. I asked others to confirm the issue and they said they are getting the same error.

Scott Hodge did tweet about a month ago about the same issue. But this is the first time I am seeing this issue, and the certificate clearly shows that it expired just minutes ago.

Postscript: A Google spokesperson said: "For a short time this morning, some Gmail users sending mail via POP and IMAP saw a notification on their mail clients that the SMTP certificate had expired. We identified the problem and fixed it promptly. We know how important Gmail is for our users, and we apologize for any inconvenience this may have caused."

Small Business Computer Support and Microsoft Exchange Server Support will always be provided by the Microsoft Certified Techs 24x7.
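The lesson of this post for anyone running their own SMTP server is to notice an expiring certificate before clients do. The following is an added example, not Google's or the blog's code: it classifies a certificate in the dict shape Python's ssl module returns (a constructed sample mirroring the dates in the post), and includes a STARTTLS probe on port 587 that reports the same verification failure the mail client in the post displayed; the 14-day warning threshold is an assumption.

```python
import smtplib
import ssl
from datetime import datetime, timezone
from typing import Tuple

# Constructed certificate summary in the dict shape ssl.SSLSocket.getpeercert()
# returns. The dates are made up to mirror the post's incident (a certificate
# for smtp.gmail.com lapsing on the morning of 6 Aug 2008).
SAMPLE_CERT = {
    "subject": ((("commonName", "smtp.gmail.com"),),),
    "notBefore": "Aug  6 09:00:00 2007 GMT",
    "notAfter": "Aug  6 09:00:00 2008 GMT",
}


def utc_timestamp(year: int, month: int, day: int, hour: int = 0) -> float:
    """Epoch seconds for a UTC wall-clock time (keeps the checks deterministic)."""
    return datetime(year, month, day, hour, tzinfo=timezone.utc).timestamp()


def days_until_expiry(cert: dict, now_ts: float) -> float:
    """Days left on the certificate at now_ts; negative once it has lapsed."""
    return (ssl.cert_time_to_seconds(cert["notAfter"]) - now_ts) / 86400


def classify(cert: dict, now_ts: float, warn_days: int = 14) -> str:
    """EXPIRED / WARNING / OK for a server certificate at a given moment."""
    left = days_until_expiry(cert, now_ts)
    if left < 0:
        return "EXPIRED"
    if left < warn_days:
        return "WARNING"
    return "OK"


def check_smtp_cert(host: str, port: int = 587, warn_days: int = 14) -> Tuple[str, str]:
    """Connect, upgrade with STARTTLS (as a POP/IMAP mail client sending mail
    does) and classify the certificate the server presents. Needs network
    access, so the tests only exercise classify() on the constructed sample.
    """
    ctx = ssl.create_default_context()
    try:
        with smtplib.SMTP(host, port, timeout=10) as smtp:
            smtp.starttls(context=ctx)
            cert = smtp.sock.getpeercert()
    except ssl.SSLError as exc:
        # An already-expired certificate fails verification inside starttls();
        # this is the condition the mail client in the post reported.
        return "CRITICAL", f"TLS handshake with {host}:{port} failed: {exc}"
    except (OSError, smtplib.SMTPException) as exc:
        return "UNKNOWN", f"could not reach {host}:{port}: {exc}"
    now_ts = datetime.now(timezone.utc).timestamp()
    status = classify(cert, now_ts, warn_days)
    left = days_until_expiry(cert, now_ts)
    return status, f"{host} certificate expires {cert['notAfter']} ({left:.1f} days left)"


if __name__ == "__main__":
    # Offline demonstration on the constructed sample, one hour after expiry.
    print(classify(SAMPLE_CERT, utc_timestamp(2008, 8, 6, 10)))
```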

Friday, July 11, 2008

Security for windows server support services

Windows Server 2008 was launched on February 27, 2008, and to some it is just the next-generation server operating system that replaces Windows 2003, but for others it is a significant improvement to a 5-year-old operating system that will drastically improve how IT will support business and organizational initiatives for the next several years. To the authors of this book, we see the similarities that Windows 2008 has in terms of usability and common graphical user interfaces (GUIs) with previous versions of Windows Server that make it easy to jump in and start implementing the new technologies.

However, after 3 1/2 years of early adopter experience with Windows 2008, when properly implemented, the new features and technologies built in to Windows 2008 really address shortcomings of previous versions of Windows Server and truly allow IT organizations to help organizations meet their business initiatives through the implementation of key technologies now included in Windows 2008.

This chapter provides an overview of what's in Windows 2008, explains how IT professionals have leveraged the technologies to improve IT services to their organization, and acts as a guide on where to find more information on these core technology solutions in the various chapters of this book.

The various server roles in Windows 2008 typically fall into three categories, as follows:

  • File and print services—As a file and print server, Windows 2008 provides the basic services leveraged by users in the storage of data and the printing of information off the network. Several improvements have been made in Windows 2008 for file security (covered in Chapter 13, "Server-Level Security") and file server fault tolerance (covered in Chapter 28, "File System Management and Fault Tolerance").
  • Domain services—In enterprise environments running Windows networking, typically the organization is running Active Directory to provide centralized logon authentication. Active Directory continues to be a key component in Windows 2008 with several extensions to the basic internal forest concept of an organization to expanded federated forests that allow Active Directories to interconnect with one another. There are several chapters in Part II, "Windows Server 2008 Active Directory," that address Active Directory, federated forests, lightweight directories, and so on.
  • Application services—Windows 2008 provides the basis for the installation of business applications such as Microsoft Exchange, Microsoft Office SharePoint Services, SQL Server, and so on. These applications are initially made to be compatible with Windows 2008, and later are updated to leverage and take full advantage of the new technologies built in to the Windows 2008 operating system. Some of the applications that come with Windows 2008 include Windows Terminal Services for thin client computing access (covered in Chapter 25, "Terminal Services"), Windows Media Server for video and audio hosting and broadcasting (covered in Chapter 36, "Windows Media Services"), utility server services such as DNS and DHCP (covered in Chapter 11, "DHCP/WINS/Domain Controllers," and Chapter 10, "Domain Name System and IPv6"), SharePoint document sharing and collaboration technologies (covered in Chapter 35, "Windows SharePoint Services 3.0"), and virtual server hosting (covered in Chapter 37).

This book focuses on the Windows 2008 operating system and the planning, migration, security, administration, and support of the operating system. Windows 2008 is also the base network operating system on top of which all future Windows Server applications will be built.

Source: informit.com

Wednesday, July 2, 2008

Windows Server Security Guide

The Windows Server 2003 Security Guide provides specific recommendations about how to harden computers that run Microsoft Windows Server 2003 with Service Pack 1 (SP1) in three distinct enterprise environments—one in which older operating systems such as Windows NT 4.0 and Windows 98 must be supported, one in which Windows 2000 is the earliest version of the Windows operating system in use, and one in which concern about security is so great that significant loss of client functionality and manageability is considered an acceptable trade off to achieve maximum security. These three environments are respectively referred to as the Legacy Client (LC), Enterprise Client (EC), and Specialized Security – Limited Functionality (SSLF) environments throughout this guide.

Guidance about how to harden computers in these three environments is provided for a group of distinct server roles. The countermeasures that are described and the tools that are provided assume that each server will have a single role. If you need to combine roles for some of the servers in your environment, you can customize the security templates that are included in the downloadable version of the guide to create the appropriate combination of services and security options. The server roles that are referenced in this guide include the following:


  • Domain controllers that also provide DNS services

  • Infrastructure servers that provide WINS and DHCP services

  • File servers

  • Print servers

  • Web servers that run Microsoft Internet Information Services (IIS)

  • Internet Authentication Services (IAS) servers

  • Certificate Services servers

  • Bastion hosts

Significant efforts were made to make this guidance well organized and easily accessible so that you can quickly find the information that you need and determine which settings are suitable for the computers in your organization. Although this guide is intended for enterprise customers, much of the information that it contains is appropriate for organizations of any size.