Thursday, October 10, 2013

Network & Server Best Practices and Hardening for Microsoft Products

While researching standards around enterprise-level server hardening and high availability best practices, I came across a couple of good documents/links.

Active Directory to SharePoint to networking best practices and security considerations for a full Microsoft implementation.

Microsoft High Availability Strategy 

Includes SharePoint, Exchange, Windows Server, SQL, Hyper V and clustering. Provides a logical overview of the many high-availability tools, solutions, and programs available from Microsoft.
Best Practices for Securing Active Directory
Contains recommendations to enhance the security of Active Directory installations, discusses common attacks against Active Directory and countermeasures to reduce the attack surface, and offers recommendations for recovery.
Contains a list of companies that produce patch and vulnerability management software.
Provides background information that helps you to identify the users and groups that are granted elevated privileges in Active Directory and on domain-joined systems. These accounts typically present the greatest risk because they can be leveraged by attackers to compromise and even destroy your Active Directory installation.
Contains information about protected groups in Active Directory.
Provides guidelines to secure the built-in Administrator account in each domain in a forest.
Provides step-by-step instructions to help secure the Enterprise Admins group in an Active Directory forest.
Provides step-by-step instructions to help secure the Domain Admins group in each domain in a forest.
Provides step-by-step instructions to help secure the built-in Administrators group in each domain in a forest.
Provides step-by-step instructions to help secure local Administrator accounts and groups on domain-joined systems.
Provides information and steps to create accounts that have limited privileges and can be stringently controlled, but can be used to populate privileged groups in Active Directory when temporary elevation is required.
Contains a list of third-party, role-based access control (RBAC) software vendors and their solutions.
Contains a list of third-party privileged identity management (PIM) software vendors and their offerings.
Lists events for which you should monitor in your environment.
Contains a list of recommended reading. Also contains a list of links to external documents and their URLs so that readers of hard copies of this document can access this information.

Network Management System: Best Practices
ISO Network Management Model - How to increase the overall effectiveness of current netork management tools and practices.
The goal of fault management is to detect, log, notify users of, and (to the extent possible) automatically fix network problems to keep the network running effectively
The goal of configuration management is to monitor network and system configuration information so that the effects on network operation of various versions of hardware and software elements can be tracked and managed.
The goal of performance management is to ensure system and resource availability through SLA's, monitoring and reporting.
The goal of security management is to control access to network resources according to local guidelines so that the network cannot be sabotaged (intentionally or unintentionally).
Accounting management is the process used to measure network utilization parameters so that individual or group users on the network can be regulated appropriately for the purposes of accounting or chargeback. 

No comments:

Post a Comment