I need to harden my Windows 2008 R2 server for PCI. What is the best way to do this? The servers are behind a Cisco ASA, and the DB servers are in separate VLANs. Now I need to know if there are any unnecessary services that I can disable to improve security. These servers are running IIS and .NET applications.
4 Answers
2
Here are two great places to start hardening any server:
- Download and run the Windows Server 2008 R2 Best Practices Analyzer.
- For a very hard server, run through the DoD's STIGs for Windows Server. They look overwhelming at first, but will take you a long way towards compliance with many regulations. You should also note that some of the DoD's security recommendations are so tight that they can sometimes break apps. Be sure to test before you apply these registry or group policy settings to your machines.
SamErde
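A way to make the "test before you apply" advice above concrete, as an added example that is not part of the answer: a PowerShell script that records every service's state, start mode and logon account before STIG or BPA changes are applied, flags auto-start services running as LocalSystem for review, and diffs a later snapshot against the earlier one so a broken IIS/.NET app can be traced to a specific change. The snapshot directory and parameter names are assumptions.

```powershell
# Snapshot service configuration on a Windows Server 2008 R2 host before
# hardening, then compare a later snapshot against it. Paths are placeholders.
param(
    [string]$SnapshotDir = 'C:\Hardening\Snapshots',
    [string]$Baseline    = ''   # optional: an .xml file written by an earlier run
)

# Win32_Service exposes start mode and logon account, which Get-Service does not.
function Get-ServiceSnapshot {
    Get-WmiObject -Class Win32_Service |
        Select-Object Name, DisplayName, State, StartMode, StartName, PathName |
        Sort-Object Name
}

New-Item -ItemType Directory -Path $SnapshotDir -Force | Out-Null
$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$current = Get-ServiceSnapshot
$file    = Join-Path $SnapshotDir "services-$stamp.xml"
$current | Export-Clixml -Path $file
Write-Host "Saved $($current.Count) services to $file"

# Auto-start services running as LocalSystem are the first candidates to review
# against the BPA and STIG output; list them for the person doing the review.
Write-Host 'Auto-start services running as LocalSystem:'
$current |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.StartName -eq 'LocalSystem' } |
    Format-Table Name, DisplayName, State -AutoSize

# If a baseline snapshot was supplied, report what changed since it was taken.
# SideIndicator '<=' means the row existed only in the baseline, '=>' only now.
if ($Baseline -and (Test-Path $Baseline)) {
    $before = Import-Clixml -Path $Baseline
    Compare-Object -ReferenceObject $before -DifferenceObject $current `
        -Property Name, State, StartMode, StartName |
        Sort-Object Name |
        Format-Table Name, State, StartMode, StartName, SideIndicator -AutoSize
}
```

Run it once before applying any registry or group policy changes, then again with `-Baseline` pointing at the first snapshot after each batch of settings, so a regression in an application can be matched to the services that changed.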
2
Microsoft has some details of how TMG hardens Server 2008 (listing services and other configuration information). They also have a Planning Guide specifically for PCI and for PCI:DSS; the Server 2008 Security Baseline, and a variety of other Solution Accelerators including the Security Compliance Manager.
Chris S
0
Your first stop should be understanding what's already built into SCW, if only to avoid bumping up against it unexpectedly. (Similar question here)
Kara Marfia
0
You can use this tool provided by The Center for Internet Security.
It's probably not enough to achieve PCI compliance, but it's a good start.
radius