We encourage you to enhance this guide by identifying missing areas (scenarios, features, lifecycle...), providing links to and writing descriptions of existing content, and providing new content where there are gaps.
Join the community!
Many companies invest a good amount of money trying to protect their resources by adding more software, additional layers of protection and also by enhancing policies and procedures to enforce security. However, many companies do not yet realize that many of those security goals can be accomplished by correctly configuring the Windows operating system and taking advantage of its built-in security features. The goal of this article is to give you the core foundation on Windows security and show how to take advantage of the Windows operating system's security capabilities to achieve your company's security goals. This survival guide is yours; feel free to enhance it with your insights on this subject.
If you still have questions about why you should read the Windows Security Survival Guide, take a look at the following TechNet blog posts before you start reading this article:
Before moving into Windows’ security capabilities, it is important to go back to the fundamentals of the security triad and understand what your company is trying to accomplish
by implementing a security program. The core elements of the security triad are:
Companies are concerned about data confidentiality, with the goal being to avoid unauthorized access and information leakage. While confidentiality is a subject getting more and more visibility these days, there is another core requirement for companies, called integrity. Confidential information that is not accurate doesn't help either; companies require accurate information regardless of where it is stored and whether at some point that information needs to be in transit.
Notice that two states were used in the previous sentence: stored and in transit. At some point the information will need to be stored, and at some point it will be in transit for user consumption. In both states it is important that the information is always available, which means that availability is also a core requirement for companies. Based on this we can certainly affirm that Windows security is part of this broader goal. That's why, when planning information security in Windows server and client systems, it is vital to understand what Windows has to offer to make the system more secure.
Since 2002, Microsoft has used the Microsoft Security Development Lifecycle as part of its regular software development process. This has helped Microsoft create software with a solid security foundation and a lower attack surface. While this is a great step towards more secure software right "out of the box", many IT Pros rely 100% on that and don't make the adjustments that their company needs in order to achieve its security objectives. For this reason it is important to get more engaged during security planning discussions, to better understand corporate security needs and requirements, instead of just saying "well, this is already blocked by default, so it doesn't matter". IT Pros' engagement in the security space is a necessary step towards a more secure ecosystem. The links below will give you the basis in some of the terminology that we expect IT Pros to be familiar with:
Note: Microsoft also offers an academic exam to validate security fundamentals; the exam is
98-367 – Security Fundamentals (Microsoft
In order to better protect the systems, you need to understand the evolving threat landscape that your company is going to face once it decides to implement a security policy throughout the enterprise. Identifying the potential threats that your company is facing, and how Windows can assist in making the system more secure, is vital to a more cohesive security program across the company. The articles below will assist you in identifying the threats, countermeasures and other elements that are part of this security planning.
One way to reduce the attack surface of the Windows operating system is to harden it: disable services that will not be used by the role(s) you are implementing on the server, adjust system settings to provide a more secure configuration, and change the service accounts used by some applications. For example, if you are implementing Windows Server 2008 as a Web Server, there are some services you can safely disable since they will not be used by the Web Server role. Microsoft offers a comprehensive guide to hardening Windows Server; however, it is important to identify whether the application that will run on top of Windows Server supports that hardening procedure. Some applications will not work properly if the hardening is not done correctly, or if the security is so restrictive that it doesn't allow the application to function as it should.
A classic example is Microsoft Forefront Threat Management Gateway: the only supported way to harden the Windows Server operating system on which Forefront TMG will be installed is to follow the guidelines in the
Hardening the Windows infrastructure (TechNet Library) article or to run the
Security Configuration Wizard (TechNet Library) with the Forefront TMG 2010 template. To avoid supportability issues,
make sure to verify the support statement of the application that will be installed on the Windows Server that you are hardening. The links below provide the core references for Windows hardening:
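The procedure above (find services the role does not need, and find third-party services that still run as LocalSystem) can be audited before anything is changed. The following PowerShell is an added example, not code from the original article or from Microsoft's hardening guide; the allow-list is an illustrative assumption for a Web Server role, not Microsoft's published baseline, and the script only reports and dry-runs (-WhatIf) until you have checked the application's support statement:

```powershell
# Added example (not from the original article): audit a server's running
# services against a role allow-list and flag third-party services that run
# as LocalSystem. The allow-list below is an illustrative ASSUMPTION, not
# Microsoft's published Web Server baseline; derive yours from the hardening
# guide and from each application's support statement.
$WebServerAllowList = @(
    'W3SVC', 'WAS',                                    # IIS and its activation service
    'RpcSs', 'RpcEptMapper', 'DcomLaunch', 'EventLog', # core plumbing
    'Dhcp', 'Dnscache', 'LanmanWorkstation', 'Netlogon',
    'Winmgmt', 'wuauserv', 'BITS', 'W32Time', 'TermService', 'WinRM'
)

function Get-UnexpectedRunningService {
    param([string[]]$AllowList)
    # Win32_Service exposes the logon account (StartName), which Get-Service does not.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.State -eq 'Running' -and $AllowList -notcontains $_.Name } |
        Select-Object Name, DisplayName, StartMode, StartName, PathName
}

function Get-ThirdPartyServiceRunningAsSystem {
    # Services whose binary lives outside %SystemRoot% but still run as LocalSystem
    # are candidates for a dedicated, least-privileged service account.
    $systemRoot = [regex]::Escape($env:SystemRoot)
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartName -eq 'LocalSystem' -and $_.PathName -notmatch $systemRoot } |
        Select-Object Name, PathName, StartName
}

$unexpected = Get-UnexpectedRunningService -AllowList $WebServerAllowList
$unexpected | Format-Table -AutoSize
Get-ThirdPartyServiceRunningAsSystem | Format-Table -AutoSize

# Dry run only: review the report and the application's support statement
# before removing -WhatIf. Disabling a dependency breaks the application.
foreach ($svc in $unexpected) {
    Stop-Service -Name $svc.Name -WhatIf
    Set-Service -Name $svc.Name -StartupType Disabled -WhatIf
}
```

Run it in an elevated PowerShell session on the target server. A service appearing in the first report is not automatically safe to disable; it is a question to answer against the role documentation and the vendor's support statement, which is exactly the point the Forefront TMG example makes.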
Another important point to consider while planning to reduce the attack surface is to make sure that the systems are correctly patched with the latest updates. In order to do that, the company needs to plan how it will deploy those updates across all platforms. Microsoft recently released the second edition of the
Security Update Guide (Download Center), which brings best practices for deploying updates using WSUS.
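Once WSUS is in place, the question on each machine is whether it is actually pointed at WSUS and whether anything applicable is still missing. The following PowerShell is an added example, not code from the original article or the Security Update Guide; it reads the standard Windows Update policy registry keys and queries the Windows Update Agent COM API on the local machine:

```powershell
# Added example (not from the original article): confirm that a client is
# pointed at the corporate WSUS server and list updates it has not yet
# installed. The registry paths are the standard Windows Update policy keys;
# the pending-update query uses the Windows Update Agent COM API.
function Get-WsusClientPolicy {
    $wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $au = Join-Path $wu 'AU'
    $p  = Get-ItemProperty -Path $wu -ErrorAction SilentlyContinue
    $a  = Get-ItemProperty -Path $au -ErrorAction SilentlyContinue
    [pscustomobject]@{
        WUServer     = $p.WUServer          # URL of the WSUS server
        UseWUServer  = $a.UseWUServer       # 1 = use WSUS instead of Microsoft Update
        NoAutoUpdate = $a.NoAutoUpdate      # 1 = automatic updates disabled (a finding)
        AUOptions    = $a.AUOptions         # 4 = auto download and schedule install
    }
}

function Get-PendingUpdate {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    # Applicable updates that are not installed and not hidden by an administrator
    $result = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            Title    = $u.Title
            KB       = (@($u.KBArticleIDs) | ForEach-Object { "KB$_" }) -join ', '
            Severity = $u.MsrcSeverity      # Critical/Important/...; empty for non-security updates
        }
    }
}

$policy = Get-WsusClientPolicy
$policy | Format-List
if (-not $policy.WUServer -or $policy.UseWUServer -ne 1) {
    Write-Warning 'This machine is not configured to use WSUS.'
}
if ($policy.NoAutoUpdate -eq 1) { Write-Warning 'Automatic Updates are disabled by policy.' }

$pending = @(Get-PendingUpdate)
"Pending updates: $($pending.Count)"
$pending | Sort-Object Severity | Format-Table -AutoSize
```

The policy check catches the common drift case (a server built from an image that never received the WSUS GPO), and the pending list shows what the approved-but-not-installed gap looks like from the client side.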
As previously explained, one of the information security pillars is called confidentiality. Confidentiality is concerned with data privacy, and Windows has a variety of features that can assist in this regard. Which Windows features apply will vary according to how the information is accessed: locally or remotely. Data can be leaked while in transit via a wired or wireless network. The privacy risk while data is transiting the network increases if the data is transiting without encryption, and it becomes even higher if the data is flowing unencrypted over a public network such as the Internet. For this reason, consider the need to ensure data privacy while transmitting data from one point to another over a given network.
Many users think that if they are on the intranet there is nothing to fear, but data can be leaked on private networks in many ways. There is also a false sense of security when accessing data locally: it can be temporarily stored and then accessed later by malicious code running on the local computer. For this reason it is important to consider the Windows resources that can assist in protecting the data locally.
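The two states the section distinguishes, data at rest on the local machine and data in transit on the network, can each be checked. The following PowerShell is an added example, not code from the original article; it assumes Windows 8 / Windows Server 2012 or later, where Get-BitLockerVolume (BitLocker feature) and Get-NetIPsecRule (NetSecurity module) are available, and the share path and file types are assumptions:

```powershell
# Added example (not from the original article): report on the two places
# the text distinguishes, data at rest and data in transit.
# ASSUMES Windows 8 / Server 2012 or later for Get-BitLockerVolume and
# Get-NetIPsecRule.
function Get-AtRestProtection {
    # Full-volume encryption status; ProtectionStatus 'Off' means the key is not protected.
    Get-BitLockerVolume |
        Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod
}

function Get-UnencryptedDocument {
    # Files under $Path that are not EFS-encrypted; the filter list is an assumption.
    param([string]$Path, [string[]]$Include = @('*.docx', '*.xlsx', '*.pdf'))
    Get-ChildItem -Path $Path -Recurse -File -Include $Include -ErrorAction SilentlyContinue |
        Where-Object { -not ($_.Attributes -band [IO.FileAttributes]::Encrypted) } |
        Select-Object FullName, Length
}

function Get-ActiveIPsecRule {
    # Connection security rules actually in effect (local policy merged with GPO).
    Get-NetIPsecRule -PolicyStore ActiveStore |
        Where-Object { $_.Enabled -eq 'True' } |
        Select-Object DisplayName, Mode, InboundSecurity, OutboundSecurity
}

Get-AtRestProtection | Format-Table -AutoSize

$unencrypted = @(Get-UnencryptedDocument -Path 'D:\Shares\Finance')   # assumed path
"$($unencrypted.Count) document(s) without EFS encryption"
# To encrypt one of them with EFS under the current user's certificate:
# (Get-Item $unencrypted[0].FullName).Encrypt()

$ipsec = @(Get-ActiveIPsecRule)
if ($ipsec.Count -eq 0) { Write-Warning 'No IPsec connection security rules are active; traffic is unprotected on the wire.' }
$ipsec | Format-Table -AutoSize
```

BitLocker addresses the "false sense of security" case above (a lost or stolen disk), EFS protects individual files against other accounts on the same machine, and IPsec connection security rules are the Windows mechanism for the in-transit case on the intranet. None of them protects data from malicious code running as the logged-on user, which is why the text lists them as part of a broader program rather than a complete answer.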
The most basic definition of data integrity is the assurance that the data hasn't changed while moving from point A to point B. Moving from point A to point B also means that the data will be in transit. As explained in the previous section, data in transit can be either local or over a network (wired or wireless). Some of the technologies Windows uses in the confidentiality space also address integrity requirements.
The links below will give you the main Windows features that address integrity.
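The definition above, "the data hasn't changed between point A and point B", is what a hash baseline checks for data at rest and what an Authenticode signature checks for binaries. The following PowerShell is an added example, not code from the original article; it needs PowerShell 4.0 or later for Get-FileHash, and the paths are assumptions:

```powershell
# Added example (not from the original article): detect changes to a
# directory with a SHA-256 baseline, and check Authenticode signatures on
# binaries. Get-FileHash needs PowerShell 4.0 or later. Caveat: whoever can
# modify the files can usually modify the baseline too, so keep
# $BaselineFile on another host or sign it.
function New-HashBaseline {
    param([string]$Path, [string]$BaselineFile)
    Get-ChildItem -Path $Path -Recurse -File |
        Get-FileHash -Algorithm SHA256 |
        Select-Object Path, Hash |
        Export-Csv -Path $BaselineFile -NoTypeInformation
}

function Compare-HashBaseline {
    param([string]$Path, [string]$BaselineFile)
    $baseline = @{}
    Import-Csv -Path $BaselineFile | ForEach-Object { $baseline[$_.Path] = $_.Hash }
    $current = @{}
    Get-ChildItem -Path $Path -Recurse -File |
        Get-FileHash -Algorithm SHA256 |
        ForEach-Object { $current[$_.Path] = $_.Hash }

    foreach ($p in $baseline.Keys) {
        if (-not $current.ContainsKey($p)) {
            [pscustomobject]@{ Path = $p; Change = 'Deleted' }
        } elseif ($current[$p] -ne $baseline[$p]) {
            [pscustomobject]@{ Path = $p; Change = 'Modified' }
        }
    }
    foreach ($p in $current.Keys) {
        if (-not $baseline.ContainsKey($p)) {
            [pscustomobject]@{ Path = $p; Change = 'Added' }
        }
    }
}

function Get-UnsignedOrTamperedBinary {
    # Authenticode covers both origin and integrity: a modified .exe/.dll
    # reports HashMismatch, an unsigned one reports NotSigned.
    param([string]$Path)
    Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll |
        Get-AuthenticodeSignature |
        Where-Object { $_.Status -ne 'Valid' } |
        Select-Object Path, Status, StatusMessage
}

# Assumed paths; adjust for your server.
$target   = 'C:\inetpub\wwwroot'
$baseline = '\\fileserver\baselines\wwwroot.csv'
if (-not (Test-Path $baseline)) { New-HashBaseline -Path $target -BaselineFile $baseline }
Compare-HashBaseline -Path $target -BaselineFile $baseline | Format-Table -AutoSize
Get-UnsignedOrTamperedBinary -Path 'C:\Program Files\ContosoApp' | Format-Table -AutoSize
```

The baseline comparison answers "did it change", not "who changed it"; pair it with object access auditing on the directory if you need the second answer.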
All the security pillars previously mentioned are very important to maintaining data security, but beyond confidentiality and integrity there is another core pillar that must be in place in order to have access to the data: availability. Having strong mechanisms in place to enforce confidentiality and integrity without addressing availability is a high-risk operation. These days, when users are working remotely and accessing corporate resources from anywhere, it is very important that the connection is available when they need it, that the authentication server is available when they need it and, above all, that the data is available when they need it. Windows Server has many built-in features that address this need. The main features for high availability are listed below:
This is a living document that we are starting now and giving it to you as a base to expand it. Do you want to get engaged on this? Make sure to read the guidelines from
Wiki: How to Contribute and have a great time helping the community to grow.
This article was originally written by:
Yuri Diogenes, Senior Technical Writer
Windows Server iX | IT Pro Security
Yuri’s Blog: http://blogs.technet.com/yuridiogenes
Team’s Blog: http://blogs.technet.com/b/securitycontent
Why build Community Based Content? See the answer
Yuri, this is a great article and very useful. Thanks for setting aside the time to write it; I'm sure it still takes a lot of time and concentration to write, believe me, I know it myself :)
Thanks again and all the best
Thanks a lot for the comments, Ahmet!!!
Great page Yuri.