Microsoft published a new guide about the security settings in Windows Server 2008. This TechNet article gives an overview, and the guide itself can be downloaded here. What makes this guide so useful is not only the 214-page security guide (plus a 76-page appendix about security-related Group Policy settings). Most interesting are the Excel files that come with the guide.
One lists all network-related services with their DLLs and TCP ports, and the other gives an overview of all security-relevant Group Policy settings. Because they come as Excel sheets, you can use them for your own documentation.
I have met admins who argue that Group Policy settings don't have to be documented because you can just check the Group Policies themselves if you want to know which settings are actually being used. That is a very poor argument, in my opinion. Of course you can always create a list of all your current Group Policies. But we are talking about security here. What if an intruder changed your policies? By the way, this guide has all Group Policy settings of Windows Server 2008/2003 and Windows Vista/XP/2000.
So you had better have external documentation at hand that allows you to verify how your Group Policy settings are supposed to be. I recommend adding the name of the admin who configured a certain policy. The same applies to firewall rules. It is absolutely necessary to list them all in a document. You can use the second Excel file for this purpose.
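The check argued for above can be automated once the documented baseline is saved as CSV. The following is an added example, not taken from this post or from Microsoft's guide; the column names (`gpo`, `setting`, `expected`, `configured_by`, `value`) and all sample rows are constructed, and the live export is assumed to be produced separately.

```python
import csv
import io

# Constructed sample: the documented baseline, as it might be saved from the
# spreadsheet to CSV. Column names are assumptions for this example.
BASELINE_CSV = """gpo,setting,expected,configured_by
Default Domain Policy,Minimum password length,12,alice
Default Domain Policy,Account lockout threshold,5,alice
Server Baseline,Windows Firewall: Domain profile,Enabled,bob
Server Baseline,Allow log on through Terminal Services,Administrators,bob
"""

# Constructed sample: settings exported from the live environment.
LIVE_CSV = """gpo,setting,value
Default Domain Policy,Minimum password length,12
Default Domain Policy,Account lockout threshold,0
Server Baseline,Windows Firewall: Domain profile,Disabled
Server Baseline,Debug programs,Everyone
"""

def load(text, value_col):
    """Map (gpo, setting) -> row, with names normalised for comparison."""
    rows = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["gpo"].strip().lower(), row["setting"].strip().lower())
        row["value"] = row[value_col].strip()
        rows[key] = row
    return rows

def find_drift(baseline_text, live_text):
    """Return a sorted list of (kind, gpo, setting, expected, actual, owner)."""
    baseline = load(baseline_text, "expected")
    live = load(live_text, "value")
    findings = []
    for key, doc in baseline.items():
        owner = doc["configured_by"]
        if key not in live:      # documented, but no longer configured
            findings.append(("missing", doc["gpo"], doc["setting"], doc["value"], None, owner))
        elif live[key]["value"].lower() != doc["value"].lower():
            findings.append(("changed", doc["gpo"], doc["setting"], doc["value"], live[key]["value"], owner))
    for key, cur in live.items():
        if key not in baseline:  # configured, but never documented
            findings.append(("undocumented", cur["gpo"], cur["setting"], None, cur["value"], None))
    return sorted(findings, key=lambda f: (f[0], f[1], f[2]))

if __name__ == "__main__":
    for kind, gpo, setting, expected, actual, owner in find_drift(BASELINE_CSV, LIVE_CSV):
        print(f"{kind:12} {gpo} / {setting}: expected={expected!r} actual={actual!r} owner={owner}")
```

Keep the baseline file somewhere an attacker with domain admin rights cannot rewrite it, otherwise the comparison proves nothing.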
The guide itself is quite useful, too. I just skimmed over it, though. The first thing that came to my mind was that I should really read all this. The second was: when can I find the time to digest 300 pages? Security is always a thankless obligation for an administrator. You can invest a lot of time in hardening your network, but usually nobody in management will really value your efforts. Maybe they will even complain because your security measures reduce productivity. However, if a virus or a hacker devastates your network, they will certainly blame you.
Of course, you won't have the time to read and learn about all this new stuff immediately. But maybe one way would be to read a page or two every morning when you start working. From what I have seen so far, you will be able to skim over parts of this guide because not everything will be relevant in your environment.