19.06.2014 Views

Windows Server 2003 Recommended Baseline Security


Windows Server 2003 Recommended Baseline Security (ITSG-20)

1 Introduction

1.1 Background

Threat agents exploit vulnerabilities to either gain control of or disable a computer. Experts differ on what may be the primary cause of computer vulnerabilities. Some will agree that two causes are exploitation of defects in software, and lack of secure configurations.

To address software defects, vendors issue patches in many forms. These are designed to address software defects particular to an operating system or application. Although they fix one problem, patches create other issues. In addition to patches, checklists are used to provide computer users with secure and tested configuration guides.

In the past, Government agencies [1] have produced and disseminated checklists for securing computer systems. However, the way checklists are produced has changed. Vendors realize benefits from producing configuration checklists for their own products. In turn, public and private organizations save time and money by leveraging this complex work.

1.2 Aim

ITSG-20 provides a practical set of security settings for Microsoft Windows Server 2003. The aim is to establish and maintain a High Security Windows Server 2003 environment.

There are two platform variants: Domain Server and Workgroup Server. We cover two applications as well: Print Server and File Server. In other words, we provide four configurations, one for each application running on each platform, as follows:

1) Domain File Server
2) Domain Print Server
3) Workgroup File Server
4) Workgroup Print Server

The guideline provides a Baseline configuration that applies to all servers of a given type, Domain Server or Workgroup Server. Given that the Baseline configuration provides security before functionality, it should be used as a starting point. File and Print Server application policies are layered on top of the Baseline configuration. In this way, we provide a template for creating additional server roles based on the CSE Baseline. Application policies layered above the Baseline enable the server to function as intended.

1.3 Scope

ITSG-20 provides guidance to build High Security Domain and High Security Workgroup servers. Additional policies can be applied to support a variety of roles within your organization.

[1] Agencies such as: National Institute of Standards and Technology (NIST), National Security Agency (NSA), Center for Internet Security (CIS), and SANS (SysAdmin, Audit, Network, Security).

Introduction March 2004 1
