How to Secure a Windows Server
A network is two or more computers and/or network devices (e.g., printer, switch, hub, router) connected to the Internet or a LAN. Because the Windows 2000 or higher server is connected to the Internet or to a local or wide area network, the emphasis for securing the data on this server is placed on physical security of the server, controlling access to the data, and protecting the data from unauthorized access across the wire.
Following are recommended steps to be taken to secure the Add Health data stored on a Windows 2000 or higher server. Because each environment is different, your server administrator should test the following steps before implementing on a production server! Most enterprise-wide servers have highly trained professionals managing them, so some or all of the following steps may already be implemented. If your network administrator is not able or willing to implement any of the following steps, simply state the reason in the accompanying form to describe your security plan.
Physical Security of a Server on a Network
- Secure the server on which the Add Health data resides in a locked room to which only authorized users have access.
Controlling Access to the Data
- Restrict access to the Add Health data to project personnel using the security features available via the operating system (e.g., login via userid/password and NTFS permissions).
- Require strong passwords.
- Install encryption software for directories containing secure data. Windows 2000 encryption is free and works well. Additional encryption software applications can be found here.
- Configure your analysis software to point temporary work files to the encrypted Add Health data directory.
- Install and periodically run a secure erasure program. This program should be run after the secure data has been removed from the server at the end of the contract period. (Shred 2 is inexpensive and works well.)
- Do not copy or move the Add Health data out of the secured directory for any reason.
- Password protect the workstation's screen saver and set it to activate after three minutes of inactivity.
Protecting the Data from Unauthorized Access Across the Wire
The following are additional minimum steps you should take to secure the Add Health data on a server running Windows 2000 or higher if the server is connected to the Internet or a network. For detailed security for Windows Servers, consult the SANS and Microsoft Security guides.
- Do NOT install IIS or MS SQL server on a Windows computer that will house sensitive data.
- Turn off all unneeded services (the following list is provided as an example, and may not be a complete list for your environment. Be sure to test these items before implementing on a production server!)
  - Peer Web Services
  - IP Forwarding
  - Simple TCP/IP Services
- Disable unneeded network protocols (e.g., IPX or NetBEUI)
- If you operate in an IP only environment, disable NetBIOS over TCP/IP.
- Replace the Everyone group with the Authenticated Users group for the Access this Computer from the Network user right (User Manager-->Policies-->User Rights).
- Disable the Guest account.
- Replace the Everyone group with the appropriate group(s) on critical system folders, files, and registry keys. Grant share permissions only to those groups that need access (the default access control on a new share is Everyone Full Control).
- Remove, disable, or rename administrative shares (c$, d$, admin$).
- Restrict/Prevent anonymous access and enumeration of accounts and shares.
- For more information on NULL sessions and their vulnerabilities, see this SANS document.
- Create a new userid for administrative purposes and add this userid to the Local Administrator's group. Remove the original administrator userid from the Local Administrator's group ("dumb it down").
- Protect the administrative password: using the Resource Kit, run
  - passprop /complex /adminlockout
- Encrypt the SAM (run syskey.exe)
- Use Windows Update or Microsoft Baseline Security Advisor to keep system patches up to date. (Consider subscribing to the Microsoft Security Notification Service.)
- Install application (e.g., Internet Explorer) security patches.
- Install antivirus software and keep the virus definition files updated.
- Secure performance data.
- Enable auditing:
  - Audit logon success and failure.
  - Audit failed attempts at exercising user privileges.
  - Audit system events such as shutdowns.
- Move the log files out of the default location (%SystemRoot%\system32\config\*.evt) and secure them with NTFS permissions.
- Restrict access to the log files to administrator only.
- Check your logs often!
- Disable or remove Windows Scripting Host.
- Use a corporate, hardware, or personal (software) firewall:
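As an added example that is not part of these instructions, the following PowerShell script performs read-only checks for several of the settings listed above on a current Windows host and reports PASS or FAIL per item. The cmdlets, service names, registry values and thresholds it uses are assumptions for Windows Server 2012 or later (run as an administrator), not for Windows 2000.

```powershell
# Added example, not part of the original guidance: read-only checks for several items
# in the list above. Assumes PowerShell 5.1+ run as administrator on Windows 8 /
# Server 2012 or later (Get-LocalUser and Get-SmbShare). Service names, registry
# paths and thresholds are assumptions for this example; adjust for your environment.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Check, [bool]$Ok, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Status = $(if ($Ok) { 'PASS' } else { 'FAIL' }); Detail = $Detail })
}

# Guest account disabled
$guest = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
Add-Finding 'Guest account disabled' (-not $guest -or -not $guest.Enabled) "Enabled=$($guest.Enabled)"

# Unneeded services: IIS (W3SVC), SQL Server, Simple TCP/IP Services should be absent or stopped
foreach ($name in 'W3SVC', 'MSSQLSERVER', 'simptcp') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    Add-Finding "Service $name absent or stopped" (-not $svc -or $svc.Status -ne 'Running') "Status=$($svc.Status)"
}

# IP forwarding off (IPEnableRouter = 0 or not set)
$tcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
Add-Finding 'IP forwarding disabled' ($tcp.IPEnableRouter -ne 1) "IPEnableRouter=$($tcp.IPEnableRouter)"

# NetBIOS over TCP/IP disabled on every IP-enabled adapter (TcpipNetbiosOptions = 2)
$nics = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE'
$nbt = @($nics | Where-Object { $_.TcpipNetbiosOptions -ne 2 })
Add-Finding 'NetBIOS over TCP/IP disabled' ($nbt.Count -eq 0) "Adapters with NetBT on: $($nbt.Count)"

# Anonymous enumeration restricted (RestrictAnonymous >= 1 and RestrictAnonymousSAM = 1)
$lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
Add-Finding 'Anonymous enumeration restricted' ($lsa.RestrictAnonymous -ge 1 -and $lsa.RestrictAnonymousSAM -eq 1) `
    "RestrictAnonymous=$($lsa.RestrictAnonymous) RestrictAnonymousSAM=$($lsa.RestrictAnonymousSAM)"

# Administrative shares (C$, D$, ADMIN$) removed
$admin = @(Get-SmbShare | Where-Object { $_.Name -match '^([A-Z]|ADMIN)\$$' })
Add-Finding 'Administrative shares removed' ($admin.Count -eq 0) ("Present: " + ($admin.Name -join ','))

# Logon auditing covers both success and failure (auditpol CSV output)
$logon = (auditpol /get /subcategory:Logon /r | ConvertFrom-Csv).'Inclusion Setting'
Add-Finding 'Logon success and failure audited' ($logon -eq 'Success and Failure') "Setting=$logon"

# Screen saver password protected with a timeout of at most three minutes (180 s)
$ss = Get-ItemProperty 'HKCU:\Control Panel\Desktop'
Add-Finding 'Secure screen saver, 3-minute timeout' ($ss.ScreenSaverIsSecure -eq '1' -and [int]$ss.ScreenSaveTimeOut -le 180) `
    "Secure=$($ss.ScreenSaverIsSecure) Timeout=$($ss.ScreenSaveTimeOut)"

$findings | Format-Table -AutoSize
```

A FAIL row points at an item in the list above that still needs attention; the script changes nothing on the host.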