Securing a Sensitive Server (Server 2003) that is used to Process Sensitive Information
Policy | Standard | Procedure | Informative
Version: 2.
Last Updated: 8/3/05
University Computing and Communications Services

Ensure that your Server 2003 installation/operation is compliant with the University Sensitive Information Protection Policy.

Checklist:

1.      Install antivirus software.

Symantec Antivirus software for servers can be obtained from the university’s Information Security Department. 

 

2.      Install firewall software.

Internet Security Systems ServerSensor firewall software can be purchased with the assistance of the university’s Information Security Department.  Another option is to use the Windows Server 2003 Internet Connection Firewall (ICF). ICF is configured from the properties dialog of the network connection, as follows.

a)       Select the Advanced tab.

b)       Under Internet Connection Firewall, check the box indicating you want your computer protected.

c)       Next, choose the Settings button to enable the services that this server is expected to provide.

d)       From the services tab, select any predefined services that match your needs by checking the appropriate boxes.

e)       If you need to add a special service, click the Add button.

f)         This will display a dialog where you can add service settings.

g)       Add a description for this service, such as DNS.

h)       Insert the name or IP address of the server containing this service (if, for example, you were using the ICF in addition to Internet Connection Sharing you might have an additional computer being protected by this one which needs this service available to it).

i)         Add the port number the service will use, in the case of DNS that will be port 53. Generally the internal and external ports will be the same, except in the case where the Routing and Remote Access Service is being used to provide network address translation.

j)         Choose the radio button for either TCP or UDP as appropriate to your service. In this case, choose UDP, then select OK.

k)       Choose the Security Logging tab and verify the settings. By default the ICF logs dropped network packets, but you may have it log permitted ones as well. By default the ICF will keep 4MB in the packet log, but that is also adjustable.

l)         You may permit or deny common ICMP messages used on your network. For example, you might enable the incoming echo request and the outgoing time exceeded types in order to permit ping and traceroute troubleshooting. You can set this by selecting the ICMP tab.

m)     Select OK to close the ICF properties form.

n)       Select OK to close the Local Area Connection properties and your computer is now protected.

 

3.      Mandate the use of secure passwords.

 

Passwords should:
- be at least eight characters long
- consist of mixed case (at least one each of upper and lower case)
- contain at least one non-alpha character (such as a number or symbol)
- be significantly different from prior passwords
- be changed at least every 90 days

Hint: A strong password might look something like: P@$$w0r$

 

a)       Click Start, click Run, type gpedit.msc, and then press ENTER.

b)       In the Group Policy Object Editor MMC, double-click Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Account Policies.

 

4.      Rename the Administrator account.

 

a)       Right-click My Computer and select Manage

b)       Expand (+) Local Users and Groups

c)       Select Users

d)       Right-click Administrator

e)       Select Rename
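
The password rules in item 3 and the rename in item 4 can also be applied from one security template with secedit. This is an added example, not part of the original checklist; the file name, the history and minimum-age values, and the account name are assumptions or placeholders.

```ini
; Added example: security template covering checklist items 3 and 4.
; Save as Unicode text, e.g. sensitive-server.inf (file name is an assumption),
; then apply it from a command prompt as an administrator:
;   secedit /configure /db %TEMP%\sensitive-server.sdb /cfg sensitive-server.inf /areas SECURITYPOLICY /log %TEMP%\sensitive-server.log
; "net accounts" afterwards shows the length, age and history values in effect.

[Unicode]
Unicode=yes

[Version]
signature="$CHICAGO$"
Revision=1

[System Access]
; Item 3: at least eight characters long.
MinimumPasswordLength = 8

; Item 3: changed at least every 90 days.
MaximumPasswordAge = 90

; Item 3: mixed case plus a non-alpha character.
; The Windows complexity filter requires characters from three of four
; classes (upper, lower, digit, symbol), so it is close to the checklist
; rule but not identical: it will accept a password with no upper-case
; letter if it has lower case, a digit and a symbol.
PasswordComplexity = 1

; Item 3: different from prior passwords.
; History only blocks exact reuse; it cannot judge "significantly
; different". The values 24 and 1 are assumptions, not from the checklist.
; A minimum age of one day stops users cycling through the history at once.
PasswordHistorySize = 24
MinimumPasswordAge = 1

; Item 4: rename the built-in Administrator account.
; Placeholder value; choose a name that does not advertise the role.
NewAdministratorName = "PLACEHOLDER-new-name"
```

Settings from a domain Group Policy override local account policy on domain members, so on a domain-joined server confirm the effective values after the next policy refresh.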

 

5.      Enable an operating system screen saver password on the computer.

 

a)       Click Start.

b)       Click Settings.

c)       Click Control Panel.

d)       Click Display.

e)       Click the Screen Saver tab.

f)         Click the drop-down box arrow, and then choose a Screen Saver.

g)       Click the Settings tab.

h)       Check the Password Protector box.

i)         Fill in Wait X minutes (This is the number of minutes you want the computer to wait before displaying the screen saver.)


6.      Ensure that remote management software (pcAnywhere or Terminal Services) is configured to use encryption (at least 128 bit key strength).

 

7.      Where appropriate, users can install software/applications that have been approved by the organization’s technology representative and/or information technology manager.

 

8.      In accordance with the principle of least privilege, users will only use minimal user profile privileges on computers that are based on users' job necessities (default is to deny access).

 

9.      File an Incident Report to report any suspicious activity on your machine by sending an email that contains the following information to help.gsu.edu.

 

a)       Type "Security Incident - High Priority" in the subject line of the email.

b)       Give the date the incident occurred.

c)       Describe the incident.

d)       Optional: If you know your IP address, or the IP address of your attacker, please include it.

e)       Provide contact information such as your name, phone number, and department.

 

Help: If you have questions, or need assistance, please contact the Help Center (404-651-4507 or help@gsu.edu).