Windows Cybersecurity series: basic hardening techniques

David E Lares S
FAUN — Developer Community 🐾
4 min read · Jan 11, 2021


A server is a machine dedicated to “serving” something: you can think of it as the core that processes and stores data and manages users. Because it is the main unit of the business, it also needs a set of configurations to secure the data inside it.

Hardening is the process of applying techniques to secure a server: putting security measures in place and performing maintenance to reduce every type of threat or risk, and so help guarantee business continuity. This is not alien to the Windows ecosystem, but there is no recipe for securing servers; every instance has its own restrictions, tasks, and business approaches.

At this point in the lecture, the fact is that there is no security without threats; I think the word speaks for itself. Threats fall into two groups: internal threats, which concern misuse of the system as a whole, and external threats, which are attacks, sabotage, theft, or any other ill-intended action.

Disclaimer:

Again, the main goal of this series is to evaluate security settings from a high-level overview. All of this also applies to Linux or any other OS flavor.

Let’s move on.

How to perform server hardening?

I’m going to list the basic things that a sysadmin (and regular users too) can do to improve the security of a server.

There are quite a few mechanisms, processes, and strategies to implement in order to reach a decent security configuration. The first premise is to accept that security is ephemeral: nothing will ever be 100% secure.

  1. Installing anti-malware software will help you detect and block any kind of malware threat.
  2. Educate users and stay aware of email phishing. Apply filters to reduce social engineering.
  3. Maintain software at all costs. The whole idea is to avoid outdated software running in the wild: apply security patches, or update when the newer version is stable and ready to be used.
  4. Users are the weakest element of the security chain. Grant only the specific privileges needed to operate and nothing more, and enforce password rotation and password policies for good measure.
  5. And of course, the devices. You can apply a lot of control here: limit installed software, set roles for particular users on every computer, track installation records, perform software updates with WSUS, delete unused software, and optimize resources, just to mention a few.

In terms of communications, it’s always good to transmit all data over encrypted connections (mostly HTTPS), and of course, if anything in your environment depends on accurate time, make sure you configure your NTP servers.
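As an added example (not code from the original article), here is a read-only PowerShell posture check for the items just listed: anti-malware, patching, local administrators and password policy, the host firewall, and NTP synchronisation. It assumes a Windows Server with the Defender and NetSecurity modules, an English-locale `net accounts` output, and the 30-day patch window, 14-character password floor and two-admin ceiling are my own assumed thresholds, not values from the article.

```powershell
# Added example, not from the original article. Read-only posture check for the
# hardening checklist above; run in an elevated PowerShell. Thresholds are assumptions.
$findings = @()

# 1. Anti-malware: Defender on, real-time protection on, signatures at most 7 days old.
$mp = Get-MpComputerStatus
if (-not $mp.AntivirusEnabled -or -not $mp.RealTimeProtectionEnabled) {
    $findings += 'Defender antivirus or real-time protection is disabled'
}
if ($mp.AntivirusSignatureLastUpdated -lt (Get-Date).AddDays(-7)) {
    $findings += "Defender signatures last updated $($mp.AntivirusSignatureLastUpdated)"
}

# 3. Patching: warn when no hotfix has been installed within the assumed 30-day window.
$lastPatch = (Get-HotFix | Where-Object InstalledOn |
              Sort-Object InstalledOn -Descending | Select-Object -First 1).InstalledOn
if (-not $lastPatch -or $lastPatch -lt (Get-Date).AddDays(-30)) {
    $findings += "No hotfix installed since '$lastPatch'"
}

# 4. Least privilege and password policy: local admins, max password age, min length.
$admins = @(Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name)
if ($admins.Count -gt 2) {
    $findings += "Local Administrators has $($admins.Count) members: $($admins -join ', ')"
}
$policy = net accounts                     # English-locale output is assumed
$maxAge = ($policy | Select-String 'Maximum password age').ToString().Split(':')[1].Trim()
$minLen = [int]($policy | Select-String 'Minimum password length').ToString().Split(':')[1].Trim()
if ($maxAge -eq 'Unlimited') { $findings += 'Password rotation not enforced (maximum age Unlimited)' }
if ($minLen -lt 14)          { $findings += "Minimum password length is $minLen (assumed floor 14)" }

# Host firewall: every profile enabled, inbound traffic blocked by default.
Get-NetFirewallProfile | ForEach-Object {
    if (-not $_.Enabled -or $_.DefaultInboundAction -ne 'Block') {
        $findings += "Firewall profile $($_.Name): Enabled=$($_.Enabled), Inbound=$($_.DefaultInboundAction)"
    }
}

# Time: the Windows Time service must sync with an NTP source, not the local CMOS clock.
$w32 = w32tm /query /status 2>&1
if ($LASTEXITCODE -ne 0 -or ($w32 | Select-String 'Local CMOS Clock')) {
    $findings += 'Time service is not synchronising with an NTP source'
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'No findings' }
```

Each warning maps back to one checklist item, so the output doubles as a to-do list for the settings the article asks you to review.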

Isolation as a hardening technique

If this is not enough security for your environment, you can use isolation as an advanced hardening technique against external threats.

Server Isolation

By minimizing the ways a connection can be made to the server, we reduce the chances of attacks, data breaches, or information leakage. We can divide this into three elements.

Technical isolation starts by closing or turning off shareable resources. This is commonly seen with shared web hosting, where everything is included on one machine; that is not bad in itself, but generally you cannot turn off a particular service. If the services can be divided across multiple servers, so much the better: this does not hurt performance and gives you more control over each service.

Physical isolation covers the operation of the servers from a physical perspective: perimeter security, conditioned server rooms, access control mechanisms, fire and power alarms, backups, etc.

The last one, internet isolation, means exposing servers to the internet only as needed. Every exposed server must be protected by a DMZ and firewalls, which filter unintended network traffic and restrict access to only what is needed and nothing more.

Other resources

Besides isolation, security can be enhanced by setting up Network and OS-based firewalls, Proxies (network traffic redirection), and more.

With this “practical” guide you can manage your infrastructure more securely. Before I go, I want to give you my recommendations about everything you just saw.

  1. Servers are not user terminals: use some kind of VCS and manage your DevOps pipeline to deliver software without flaws.
  2. Avoid using COTS apps without admin participation.
  3. Avoid sharing accounts.
  4. Isolate roles and user privileges.
  5. Give your users the minimum privileges possible.
  6. Build your security strategy in layers.
  7. Educate your people; it can save you a lot of trouble.

You can go deeper into the technical details, discuss security strategies, and plan your next big move. There are no step-by-step instructions for securing things, so plan, develop, and iterate as needed; security depends on all of us.

Happy hardening :)
