Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Configuration Wizard James Leinweber Hygiene Lab / UW-MIST.

Published byCuthbert Mitchell Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Configuration Wizard James Leinweber Hygiene Lab / UW-MIST."— Presentation transcript:

1 Security Configuration Wizard James Leinweber Hygiene Lab / UW-MIST

2 2 about SCW an attack surface reduction tool –makes it easy to turn off unwanted services, add firewall rules, tweak registry security settings, edit INI files, improve ACL’s, etc. –saves templates to apply to multiple servers –compare bastille on Linux optional for server 2003 sp1, bundled for 2008 –not secret, but surprisingly unknown –Microsoft requires SCW extensions for all its enterprise services!

3 3 SCW isn’t not an installation tool. –install all roles and features first not related to group policy in AD –sufficiently generic templates may be convertible to GPO’s SCW templates are applied once, by hand, post-install and pre-deployment

4 4 Why do we care? hardening servers is an important part of a defense in depth strategy it’s really hard to do, and really error prone to do it by hand even if you did it well, it’s hard to audit afterwards, and hard to replicate on new servers we need a tool with analysis and guidance –security configuration wizard is that tool!

5 5 what’s happening

6 6 OK, so try it Most changes can be rolled back, so feel free to experiment on test servers –except auditing SACL’s a good idea to run on any server a Really Good Idea to run on exposed and high value servers (DMZ, PCI DB, …) Let’s try it

Download ppt "Security Configuration Wizard James Leinweber Hygiene Lab / UW-MIST."

Similar presentations

Planning and Administering Windows Server® 2008 Servers

Planning and Administering Windows Server® 2008 Servers
Epics Configuration Management Steve Hunt v1.0. Goals Maximize control system availability Minimize development cycle time Reduce risk.

Epics Configuration Management Steve Hunt v1.0. Goals Maximize control system availability Minimize development cycle time Reduce risk.
PowerPoint PD Garden Springs:Primary. Getting Started  To open PowerPoint, click Start, Programs, Microsoft PowerPoint  A box will pop up with some.

PowerPoint PD Garden Springs:Primary. Getting Started  To open PowerPoint, click Start, Programs, Microsoft PowerPoint  A box will pop up with some.
Windows Server 2003 SP1. Windows Server™ 2003 Service Pack 1 Technical Overview Jill Steinberg: Added TM Jill Steinberg: Added TM.

Windows Server 2003 SP1. Windows Server™ 2003 Service Pack 1 Technical Overview Jill Steinberg: Added TM Jill Steinberg: Added TM.
Module 5: Creating and Configuring Group Policy

Module 5: Creating and Configuring Group Policy
Implementing Server Security on Windows 2000 and Windows Server 2003 Steve Lamb Technical Security Advisor

Implementing Server Security on Windows 2000 and Windows Server 2003 Steve Lamb Technical Security Advisor
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
IT:Network:Apps.  Security Options  Group Policy  AppLocker  ACL.

IT:Network:Apps.  Security Options  Group Policy  AppLocker  ACL.
Microsoft Server 2008 R2 Group Policies & Network Policy and Access Services.

Microsoft Server 2008 R2 Group Policies & Network Policy and Access Services.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 2 Installing Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 2 Installing Windows Server 2008.
Understanding Group Policy on Windows Server 2003 John Howard, IT Pro Evangelist, Microsoft UK

Understanding Group Policy on Windows Server 2003 John Howard, IT Pro Evangelist, Microsoft UK
Module 7: Implementing Security Using Group Policies.

Module 7: Implementing Security Using Group Policies.
9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure.

9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam Microsoft® Windows® 2000 Directory Services Infrastructure.
Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.

Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
Chapter 2: Installing and Upgrading to Windows Server 2008 R2 BAI617.

Chapter 2: Installing and Upgrading to Windows Server 2008 R2 BAI617.
MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.

1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.

Similar presentations

Ads by Google