Windows Server 2003 Security Guide Implementation Functional Specification
<Company Name>
Author | |
Author Position | |
Date |
Version 1.0
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2003 Microsoft Corporation. All rights reserved.
Microsoft, Windows Server 2003, Active Directory, Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Visual Basic are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Revision & Sign-off Sheet
Change Record
Date | Author | Version | Change Reference
Reviewers
Name | Version Approved | Position | Date
Distribution
Name | Position
Document Properties
Item | Details
Document Title | Windows Server 2003 Security Guide Implementation Functional Specification
Author | |
Creation Date | |
Last Updated |
Table of Contents
Functional Specification Executive Summary
Project Justification and Design Goals
Project Vision/Scope Summary
This project will focus on the implementation of security guidance to harden a number of core server roles in the environment at <Company Name>. The focus will be to create a baseline level of security for these server roles that results in little to no impact on the installed client base.
Functional Specification Executive Summary
The functional specification for the implementation of the Windows Server 2003 Security Guide is a detailed listing of the proposed changes to the environment. This document should accompany a Vision/Scope document describing the business requirements for the project. This functional specification will also combine the features of a design specification or a detailed physical design. This functional specification should accompany a detailed requirements document that describes all business, operational, user, and system requirements.
Project Justification and Design Goals
This project should measurably increase security while causing a minimal amount of impact on end users. However, the project may impact administrative tasks and increase the level of maintenance required in order to achieve a greater level of security.
Business Requirements Summary
This project should result in a measurable level of increased security for <Company Name>. Perform a full security risk analysis prior to the implementation of this project. These security measures should address issues defined as the most significant security risks in the environment.
User Requirements Summary
Users should experience no negative side effects from the implementation of this security guidance. The changes to enhance the security of the environment should have a negligible effect on their ability to perform their work.
Administrators may be affected, as these IT professionals may have to perform common administrative tasks differently based on the security measures that are implemented.
System Requirements Summary
The security settings in this functional specification are targeted for a pure Microsoft Windows Server™ 2003 server environment. <Client requirements can be defined here as well based on the level of security selected>.
Feature Cuts and Unsupported Scenarios
This project focuses only on the key server roles defined in the Vision/Scope document. These server roles include:
1. Domain Controller
2. DHCP Server
3. WINS Server
4. File Server
5. Print Server
6. IIS Server
7. IAS Server
8. Certificate Server
In addition, a baseline member server policy will be created to provide a common base for additional server roles. Also, a baseline bastion host template has been specified that will be customized according to the application that the Internet-facing host is designated to provide for the environment.
This project does not address other specific server roles that are not listed above. It is focused only on hardening the actual server operating system while maintaining adequate functionality for all of the server roles. The project does not address network security, security policy guidelines, and physical or perimeter network security.
In addition, the project does not address measures that may be required to secure client operating systems.
Assumptions and Dependencies
A detailed security risk analysis has been performed to identify the specific threats and countermeasures that need to be implemented to successfully complete this project.
This project will be thoroughly lab tested in a scenario that closely represents <Company Name>'s network environment.
Windows Server 2003 has already been deployed in the environment. These settings may work in a migration scenario, but were designed specifically to be implemented in a fully migrated server environment.
The implementation of this project should be performed as part of a larger security project. Computers running Windows Server 2003 comprise only part of the overall environment. Additional measures should be taken to secure the perimeter network, internal network, other host computers, applications, and the client environment. In addition, policies, procedures, and physical access to critical computers should be addressed in a separate project.
In addition, this functional specification is dependent on the Windows Server 2003 Security Guide Settings Excel workbook included with this document. The referenced workbook contains all of the settings that will be configured as part of Group Policy to successfully complete this project.
Solution Design
As part of the overall design of this project, a conceptual design, which is the high level view of the project, was created. In addition, a logical design was created to further detail the project. Finally, a physical design was created to detail all of the changes to be made to fully complete the project.
Conceptual Design Summary
This project will focus on one of the following levels of security guidance based on the system requirements:
A security level specific to environments with legacy clients such as Microsoft Windows 98 and Windows NT 4.0.
A security level specific to environments that have upgraded their environment to contain all Windows 2000 or Windows XP clients.
A security level targeted for environments that want to meet a stringent set of security guidelines.
This project will cover specific server roles and provide hardening guidance for the machines providing core functionality within the organization.
Logical Design Summary
The mitigation steps for this project are designed to work on Windows Server 2003. The underlying technical scenario covers several options for scaling the project both up and down. Using a simple distributed architecture ensures the prescribed settings will not physically break inter-site communications of the machines, impair their design, or compromise their usability. The Microsoft Active Directory design at <Company Name> includes <Replace with a description of the environment at Company Name>. The Active Directory directory servers run Windows Server 2003, and the member servers run Windows 2000 and Windows Server 2003. The clients in the environment are running <Replace with a description of the client operating systems in the environment.>
Infrastructure Layout
<Provide a high level description of the Site layout at Company Name.>
Active Directory Design
<Provide a high level description of the Domain structure at Company Name.>
<Include a high level diagram of the Active Directory design.>
Figure 1.1
The Active Directory design
<Include a high level services placement for Company Name that includes the domain and site locations of any server roles that will be addressed as part of the project.>
Figure 1.2
The server layout for <Company Name>
The figure above shows the server role-based distribution of services for the purposes of testing.
Physical Design Summary
The functional security requirements are a combination of Group Policy security settings and System Service configurations. These include settings for Password Policies, Account Lockout Policies, Audit Policy, User Rights Assignments, Security Options and the Event Log. Any custom registry configurations provided by Microsoft Solutions for Security guidance will be contained in the Security Options section of the Group Policy associated with the appropriate server role.
Note: Instead of listing all of the Group Policy security settings in the following section, they are listed as functional requirements for each of the server roles in the Windows Server 2003 Security Guide Settings Excel workbook included with this document.
There are a number of additional registry settings that can be secured in Windows Server 2003. These settings will be incorporated into the Security Options section of the server's Group Policy. For more information on how this can be performed, see the article, 'How to Add Custom Registry Settings to Security Configuration Editor' at: https://support.microsoft.com/default.aspx?scid=214752.
In addition, any Internet Protocol Security (IPSec) filters that will be applied to these server roles are documented in the IPSec Filter Network Traffic Maps Excel workbook that accompanies this document.
Supportability Summary
All of the settings recommended in this project are supported by Microsoft. Additional options for support can be found in the Supporting the Windows Server 2003 Security Guide document that accompanies this document.
<Company Name should insert an overview of the internal supportability and operational impact of the changes as well.>
Risk Summary
The following table contains several of the initial risks identified as part of this project. <Additional risks specific to the environment at Company Name should be added as well>.
Table 1.1: Project Risks for <Company Name>
Risk Description | Solution Options | Threat
Application compatibility | Thorough testing in a lab environment with all major line of business applications and client configurations. | High
Specific threats are not addressed | Perform a full threat assessment and security risk analysis to determine what threats are to be addressed. Ensure that the settings recommended address these threats. | Medium
No integration plan with other teams | Meet with Operations, Network Management, Security Administration, and Client groups to understand project requirements and set expectations. | Medium
Client compatibility | Specific settings should be selected based on the client environment. Generic groupings have been predetermined and tested. | Low