Revise A Security Plan To Add Security For Domain Controllers

By Author: Shirley Green
Total Articles: 129
Comment this article

1.What areas must be addressed to CompTIA the baseline server template so that domain controllers will be able to function?
Services, password policy, Kerberos policy, audit policy, event logs, security options, and user rights. Additional services will need to be set to Automatic. Because the password policy for the domain is controlled by the default domain policy, the domain controller policy should not have a password policy. The audit policy of the domain controller needs both account logon events and logon events set for success and failure. The event logs need to be set to a larger size. Security options for domain controllers need to be configured. User rights should not restrict domain user network access.

2.What additional security elements should be addressed for server roles?
Each server role has specific security issues, many of which cannot be addressed within the security templates. To provide better security plans that address server roles, additional research must be completed. Items to consider include server administration specific to the server ...
... roles, security based on the primary application the server is running. For example, Certification Authority administration and user roles can be further configured to provide separation of duties. Routing and Remote Access servers might need packet filters configured to prevent harmful traffic from entering the network. Microsoft SQL Server databases can be secured based on the database purpose. Microsoft free A+ practice exams Exchange Server, SQL Server, IIS, and all other server roles have security configurations and best practices that are specific to the server role and cannot be configured using security templates. Communications between each server might require special treatment, and IPSec in transport mode might be used to do so.
How will you provide security for these file servers?
A baseline template for the partner domain should be developed. It should be a high-security template, enforcing the most restrictive level of security. An OU infrastructure can provide OUs that map to server roles, such as the file servers. An incremental template should be developed for the file servers that will allow them to function as file servers while protecting them. In addition to allowing them to share files, you should include file and registry ACLs in the templates to ensure consistency and recurring application of the security settings. If common files are stored on both servers, security settings for free Security+ practice exams these files should also be provided in the templates.