Hardening windows server 2008 nist

Our websites may use cookies to personalize and enhance your experience. By continuing without changing your cookie settings, you agree to this collection. For more information, please see our University Websites Privacy Notice. Security is complex and constantly changing. This standard was written to provide a minimum standard for the baseline of Window Server Security and to help Administrators avoid some of the common configuration flaws that could leave systems more exposed.

This hardening standard, in part, is taken from the guidance of the Center for Internet Security and is the result of a consensus baseline of security guidance from several government and commercial bodies. Windows Server has detailed audit facilities that allow administrators to tune their audit policy with greater specificity. By enabling the legacy audit facilities outlined in this section, it is probable that the performance of the system may be reduced and that the security event log will realize high event volumes.

Given this, it is recommended that Detailed Audit Policies in the subsequent section be leveraged in favor over the policies represented below. Additionally, the "Force audit policy subcategory settings", which is recommended to be enabled, causes Windows to favor the audit subcategories over the legacy audit policies. For the above reasons, this Benchmark does not prescribe specific values for legacy audit policies.

This section articulates the detailed audit policies introduced in Windows Vista and later. Prior to Windows Server R2, these settings could only be established via the auditpol.

Guidance is provided for establishing the recommended state using via GPO and auditpol. The values prescribed in this section represent the minimum recommended level of auditing. The purpose of this guide is to provide a reference to many of the security settings available in the current versions of the Microsoft Windows operating systems. UConn A-Z. Introduction Purpose Security is complex and constantly changing.

You are viewing this page in an unauthorized frame window. NCP Special Publication. Checklist Repository. SCAP 1. Checklist Summary : The Windows Server Security Checklist is composed of three major sections and several appendices.

The organizational breakdown proceeds as follows: Section 1 - Introduction This section contains summary information about the sections and appendices that comprise the Windows Server Security Checklist, and defines its scope. Supporting documents consulted are listed in this section. Section 3 - Manual System Check Procedures This section documents the procedures that instruct the reviewer on how to perform an SRR manually, and to interpret the program output for vulnerabilities.

The tables contained in this section are referenced in Section 3.