Pre-Assessment

An Information Security Management System (ISMS) framework is designed to manage the security of an organization’s information assets. These information assets are not solely electronic or limited to the IT department; they are distributed across all processes and organizational units. A thorough understanding of every organizational need for information asset security, broken down by unit and process, lets you assess and prioritize all aspects of the organization comprehensively. The report produced by this service helps you clearly define the effective scope of the organization for starting the ISMS implementation and develop a reasonable timeline for expanding the system’s scope. Note that this plan must be approved by AFTA before the ISMS implementation process begins.
Some of the benefits and outcomes of the initial assessment project include:
- A gap report comparing the current state with the standard’s requirements and recommendations
- Definition of the system’s scope
- Development plans for the system
- An approximate estimate of the cost and time required for consulting and implementing the standard
Windows Server Security Checklist
Ensuring the security of a Windows Server environment is critical for protecting an organization’s information assets. This comprehensive checklist outlines key measures to safeguard your servers, ranging from basic configuration to advanced security policies.
Organizational Security
- Asset Inventory Documentation: Keep detailed records of each server’s configuration, including any changes made.
- Pre-change Testing: Thoroughly test and evaluate any hardware or software changes before implementation.
- Risk Assessment: Regularly evaluate risks and update your risk management plan accordingly. Maintain a prioritized list of servers to address vulnerabilities systematically.
Windows Server Preparation
- Hardening New Servers in a DMZ: Build and harden new servers in a DMZ segment with no internet connectivity, and confirm they are securely configured before placing them into production.
- BIOS Password: Set a BIOS password to prevent unauthorized changes.
- Recovery Console Auto-Logon: Disable automatic logon for administrator accounts in the Recovery Console.
- Device Boot Order: Configure the boot order to prevent unauthorized booting from external media.
User Account Security
- Strong Password Policies: Ensure that administrative and system passwords are strong, avoiding dictionary words. Passwords should be at least 12 characters long and include a mix of letters, numbers, special characters, and non-printable characters (e.g., CTRL). Change all passwords every 90 days.
- Account Lockout Policies: Set Group Policy to lock accounts after a specified number of failed login attempts.
- Disable Guest Accounts.
- Prevent Anonymous User Permissions: Do not grant ‘Everyone’ permissions to anonymous users.
- Disable Anonymous SID/Name Translation.
- Disable or Remove Inactive User Accounts.
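The account items above map to the Default Domain Policy, the local Guest account and two LSA security options. The following PowerShell is an added example, not part of the original checklist: it audits those items on a domain-joined server and then applies the baseline. It assumes the ActiveDirectory RSAT module is installed and the session runs as a Domain Admin; the 12-character length and 90-day age come from the checklist, while the lockout threshold (5 attempts), lockout duration (30 minutes) and 90-day inactivity window are assumed values.

```powershell
<#
  Added example (not the page's own code): audit and baseline for the
  User Account Security checklist items on a domain-joined Windows Server.
  Assumptions: ActiveDirectory module present, Domain Admin session.
  Lockout values and the inactivity window are assumed, not from the page.
#>
Import-Module ActiveDirectory

function Get-AccountSecurityFindings {
    param([int]$MinLength = 12, [int]$MaxAgeDays = 90, [int]$InactiveDays = 90)
    $findings = New-Object 'System.Collections.Generic.List[string]'

    # Domain password and lockout policy (values from the Default Domain Policy)
    $pol = Get-ADDefaultDomainPasswordPolicy
    if ($pol.MinPasswordLength -lt $MinLength) {
        $findings.Add("MinPasswordLength is $($pol.MinPasswordLength); expected at least $MinLength")
    }
    if (-not $pol.ComplexityEnabled) { $findings.Add('Password complexity is disabled') }
    # Zero or an enormous TimeSpan both mean 'password never expires'
    if ($pol.MaxPasswordAge -eq [TimeSpan]::Zero -or $pol.MaxPasswordAge.TotalDays -gt $MaxAgeDays) {
        $findings.Add("MaxPasswordAge exceeds $MaxAgeDays days (or passwords never expire)")
    }
    if ($pol.LockoutThreshold -eq 0) {
        $findings.Add('LockoutThreshold is 0: accounts never lock after failed logons')
    }

    # Built-in Guest account on this server (absent on domain controllers)
    $guest = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
    if ($guest -and $guest.Enabled) { $findings.Add('Local Guest account is enabled') }

    # 'Network access: Let Everyone permissions apply to anonymous users' must be off
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    if ($lsa.EveryoneIncludesAnonymous -eq 1) {
        $findings.Add("EveryoneIncludesAnonymous is 1: anonymous users receive 'Everyone' permissions")
    }

    # Enabled domain accounts with no logon inside the inactivity window
    Search-ADAccount -AccountInactive -TimeSpan (New-TimeSpan -Days $InactiveDays) -UsersOnly |
        Where-Object { $_.Enabled } |
        ForEach-Object { $findings.Add("Inactive but enabled: $($_.SamAccountName), last logon $($_.LastLogonDate)") }
    return $findings
}

function Set-AccountSecurityBaseline {
    param([string]$Domain = (Get-ADDomain).DNSRoot)

    # Length, age and complexity from the checklist; lockout values assumed
    Set-ADDefaultDomainPasswordPolicy -Identity $Domain `
        -MinPasswordLength 12 -MaxPasswordAge (New-TimeSpan -Days 90) -ComplexityEnabled $true `
        -LockoutThreshold 5 -LockoutDuration (New-TimeSpan -Minutes 30) `
        -LockoutObservationWindow (New-TimeSpan -Minutes 30)
    Disable-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
    Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name EveryoneIncludesAnonymous -Value 0 -Type DWord

    # 'Network access: Allow anonymous SID/Name translation' lives in the local
    # security database rather than the registry, so it is applied with secedit.
    $inf = Join-Path $env:TEMP 'anon-sid.inf'
    @'
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
LSAAnonymousNameLookup = 0
'@ | Set-Content -Path $inf -Encoding Unicode
    secedit /configure /db (Join-Path $env:TEMP 'anon-sid.sdb') /cfg $inf /areas SECURITYPOLICY | Out-Null
    Remove-Item $inf -ErrorAction SilentlyContinue
}

# Review the findings first; stale accounts can be disabled with Disable-ADAccount once confirmed
Get-AccountSecurityFindings
Set-AccountSecurityBaseline
```

Run the audit function on its own first: the inactive-account list in particular should be reviewed with the account owners before anything is disabled, because service and break-glass accounts often look inactive.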
Network Security Configuration
- Firewall Settings: Enable Windows Firewall for all profiles (Domain, Private and Public) and configure it to block incoming traffic by default.
- Port Blocking: Enable port blocking at the network level, allowing only necessary ports.
- Authenticated Network Access: Configure settings to allow only authenticated users to access network resources.
- Restrict ‘Act as Part of the Operating System’ Permissions.
- RDP Security: Increase the encryption level for RDP connections.
- Disable Anonymous Access to Shared Data.
- NTLM Security: Configure Local System to use the computer identity for NTLM and disable Local System NULL session fallback.
- Kerberos Encryption Types: Configure which encryption types Kerberos is allowed to use.
- LAN Manager Authentication Level: Set to accept only NTLMv2, rejecting LM and NTLM.
- Disable File Sharing Over Network: Prevent unauthorized access to important data by restricting file-sharing capabilities.
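Most of the network items above are Group Policy security options that are stored as registry values, and Windows Firewall profiles are queryable through the NetSecurity module, so a server can be checked for drift without changing anything. The script below is an added example, not part of the original checklist: it is a read-only check that maps each item to its setting and reports only the ones that differ. The expected values follow the checklist; the Kerberos mask 0x7FFFFFF8 (AES128, AES256 and future types) and the RDP Network Level Authentication check are assumed additions.

```powershell
<#
  Added example (not the page's own code): read-only drift check for the
  Network Security Configuration items. Each entry names the checklist
  item, the registry location of the matching security option, and the
  expected value. The Kerberos mask and NLA entry are assumed, not from the page.
#>
$expected = @(
    @{ Item = 'LAN Manager auth level: NTLMv2 only, refuse LM and NTLM'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'LmCompatibilityLevel'; Value = 5 }
    @{ Item = 'Local System uses computer identity for NTLM'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'UseMachineId'; Value = 1 }
    @{ Item = 'Local System NULL session fallback disabled'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'; Name = 'allownullsessionfallback'; Value = 0 }
    @{ Item = 'Kerberos encryption types restricted to AES (assumed mask 0x7FFFFFF8)'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'
       Name = 'SupportedEncryptionTypes'; Value = 2147483640 }
    @{ Item = 'Anonymous access to named pipes and shares restricted'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'; Name = 'RestrictNullSessAccess'; Value = 1 }
    @{ Item = 'RDP encryption level set to High'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'; Name = 'MinEncryptionLevel'; Value = 3 }
    @{ Item = 'RDP requires Network Level Authentication'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'; Name = 'UserAuthentication'; Value = 1 }
)

function Get-NetworkSecurityDrift {
    $drift = @()

    # Registry-backed security options: missing value counts as drift too
    foreach ($e in $expected) {
        $actual = (Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue).($e.Name)
        if ($null -eq $actual -or $actual -ne $e.Value) {
            $drift += [pscustomobject]@{ Item = $e.Item; Expected = $e.Value; Actual = $actual }
        }
    }

    # Windows Firewall: every profile enabled with inbound traffic blocked by default
    foreach ($p in Get-NetFirewallProfile) {
        if ($p.Enabled -ne 'True' -or $p.DefaultInboundAction -ne 'Block') {
            $drift += [pscustomobject]@{ Item = "Firewall profile $($p.Name)"; Expected = 'Enabled, inbound Block'
                                         Actual = "Enabled=$($p.Enabled), inbound $($p.DefaultInboundAction)" }
        }
    }

    # 'Act as part of the operating system' (SeTcbPrivilege) should have no holders.
    # User rights are not in the registry, so export the local policy and inspect it;
    # secedit omits the line entirely when nobody holds the right.
    $inf = Join-Path $env:TEMP 'rights.inf'
    secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
    $tcb = Select-String -Path $inf -Pattern '^SeTcbPrivilege\s*='
    if ($tcb) {
        $drift += [pscustomobject]@{ Item = 'Act as part of the operating system'; Expected = 'no accounts'; Actual = $tcb.Line }
    }
    Remove-Item $inf -ErrorAction SilentlyContinue
    return $drift
}

# Empty output means every checked item matches the expected value
Get-NetworkSecurityDrift | Format-Table -AutoSize
```

Because the check only reads settings, it can run from a scheduled task on every server and feed its output to the same SIEM that receives the event logs, turning the checklist into a recurring control rather than a one-off build step.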
General Windows Server Security Settings
- Disable Unnecessary Services: Deactivate services that are not required to minimize security vulnerabilities.
- Enable Encryption: Use the native Windows encryption features, EFS on NTFS volumes for per-file encryption or BitLocker for full-volume encryption.
- Disable Swapfile if Sufficient RAM: Increase security and performance by disabling swapfile on systems with ample RAM.
- Disable AUTORUN: Prevent automatic execution of potentially malicious code from removable media.
- Pre-login Warning Messages: Configure the system to display a warning message before user login.
- NTFS File System: Ensure all storage volumes use the NTFS file system.
- System Time Synchronization: Synchronize system time with domain servers.
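Some of the general settings above are registry values that can be set directly (AutoRun, the pre-logon banner), while others are conditions to verify (NTFS volumes, encryption status, time source, running services, page file). The script below is an added example, not part of the original checklist: it applies the settable items and produces a report for the rest, and it also covers the Recovery Console auto-logon item from the Windows Server Preparation section. The banner wording is assumed, and it must be run in an elevated session.

```powershell
<#
  Added example (not the page's own code): applies the registry-backed
  General Windows Server Security Settings and reports on the items that
  are checks rather than settings. Banner text is assumed placeholder wording.
#>
function Set-GeneralHardening {
    param(
        [string]$BannerTitle = 'Authorized use only',   # assumed wording
        [string]$BannerText  = 'This system is for authorized users only. Activity is monitored and logged.'
    )

    # Disable AutoRun/AutoPlay for every drive type (0xFF) and the AutoRun command itself
    $explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    New-Item -Path $explorer -Force | Out-Null
    Set-ItemProperty -Path $explorer -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    Set-ItemProperty -Path $explorer -Name NoAutorun -Value 1 -Type DWord

    # Pre-logon warning message ('Interactive logon: Message title/text for users attempting to log on')
    $sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    Set-ItemProperty -Path $sys -Name legalnoticecaption -Value $BannerTitle -Type String
    Set-ItemProperty -Path $sys -Name legalnoticetext    -Value $BannerText  -Type String

    # Recovery Console: do not allow automatic administrative logon
    $rc = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole'
    New-Item -Path $rc -Force | Out-Null
    Set-ItemProperty -Path $rc -Name SecurityLevel -Value 0 -Type DWord
}

function Get-GeneralHardeningReport {
    $report = [ordered]@{}

    # Every fixed volume must be NTFS (EFS and NTFS permissions depend on it)
    $nonNtfs = Get-Volume | Where-Object { $_.DriveType -eq 'Fixed' -and $_.FileSystemType -ne 'NTFS' }
    $report['NonNtfsVolumes'] = @($nonNtfs | ForEach-Object { $_.DriveLetter })

    # Volumes without BitLocker protection (cmdlet requires the BitLocker feature)
    $report['UnencryptedVolumes'] = @(Get-BitLockerVolume -ErrorAction SilentlyContinue |
        Where-Object { $_.ProtectionStatus -ne 'On' } | ForEach-Object { $_.MountPoint })

    # Time should come from the domain hierarchy, not 'Local CMOS Clock'
    $report['TimeSource'] = (w32tm /query /source 2>$null)

    # Running services: review against the server's role and disable what is not required
    $report['RunningServices'] = @(Get-Service | Where-Object Status -eq 'Running' |
        Select-Object -ExpandProperty Name)

    # Page files still configured (the checklist allows disabling them on RAM-rich hosts)
    $report['PageFiles'] = @(Get-CimInstance Win32_PageFileUsage | ForEach-Object { $_.Name })

    return $report
}

Set-GeneralHardening
Get-GeneralHardeningReport
```

The report deliberately does not disable services or remove page files: which services a given server needs depends on its role, so those two items stay a reviewed decision rather than an automated change.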
Audit Policy Configuration
- Enable Audit Policy: Define and activate Audit Policy to track and log specific types of events in the Security log.
- Event Log Configuration: Customize event log settings according to business needs.
- Log Shipping to SIEM: Forward logged events to a Security Information and Event Management (SIEM) system for monitoring.
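The three audit items above correspond to auditpol subcategories, the Security log's size and retention, and a Windows Event Forwarding subscription that ships events to a collector feeding the SIEM. The script below is an added example, not part of the original checklist: it enables a set of subcategories, sizes the log and points the server at a collector. The collector name wec01.example.local is a placeholder, and the subcategory list and 1 GB log size are assumed values chosen for illustration.

```powershell
<#
  Added example (not the page's own code): audit policy, Security log sizing
  and Windows Event Forwarding for the Audit Policy Configuration items.
  Placeholder collector name; subcategory list and log size are assumed.
#>
function Enable-SecurityAuditing {
    param([string]$Collector = 'wec01.example.local', [int]$SecurityLogMB = 1024)

    # Success and failure auditing on subcategories that expose authentication,
    # privilege use, process execution and account changes (assumed selection)
    $subcategories = @(
        'Logon', 'Logoff', 'Account Lockout', 'Special Logon',
        'Credential Validation', 'Kerberos Authentication Service',
        'Process Creation', 'Security Group Management', 'User Account Management',
        'Audit Policy Change', 'Sensitive Privilege Use', 'Other Object Access Events'
    )
    foreach ($s in $subcategories) {
        auditpol /set /subcategory:"$s" /success:enable /failure:enable | Out-Null
    }
    # Make subcategory settings override the legacy category-level settings
    Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name SCENoApplyLegacyAuditPolicy -Value 1 -Type DWord

    # Security log: overwrite oldest events, but keep enough headroom that events
    # survive a collector outage until forwarding resumes
    $bytes = $SecurityLogMB * 1MB
    wevtutil set-log Security /maxsize:$bytes /retention:false | Out-Null

    # Windows Event Forwarding: subscribe this host to the collector
    # (same value the 'Configure target Subscription Manager' policy writes)
    $wef = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
    New-Item -Path $wef -Force | Out-Null
    Set-ItemProperty -Path $wef -Name '1' -Type String `
        -Value "Server=http://${Collector}:5985/wsman/SubscriptionManager/WEC,Refresh=60"

    # The forwarding service runs as NETWORK SERVICE, which needs read access to the Security log
    Add-LocalGroupMember -Group 'Event Log Readers' -Member 'NT AUTHORITY\NETWORK SERVICE' -ErrorAction SilentlyContinue
    Restart-Service -Name WinRM -ErrorAction SilentlyContinue
    gpupdate /target:computer /force | Out-Null
}

function Get-AuditState {
    # One row per subcategory with its effective Success/Failure setting
    auditpol /get /category:* /r | ConvertFrom-Csv |
        Select-Object Subcategory, 'Inclusion Setting'
}

Enable-SecurityAuditing
Get-AuditState | Format-Table -AutoSize
```

Confirm the subscription end to end by checking the collector's Forwarded Events log for this server's events; Get-AuditState only proves the policy is set, not that anything is leaving the machine.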
Objective
By following this checklist, the goal is to extend the time an attacker requires to gain control over the network from a few hours to several weeks or months. This increases the likelihood of detecting the attack and gives more time to respond, reducing potential damage.