Use the following checklists to ensure that you have properly implemented all security settings and procedures prescribed in Chapter 11. 111y245b
|
|
Step |
Notes: |
|
q |
Install and configure Windows Server 2003. 111y245b | |
|
q |
Install and configure appropriate bastion host services. 111y245b | |
|
q |
Apply any required service packs and/or updates. 111y245b | |
|
q |
Install and configure a virus protection solution. 111y245b | |
|
q |
Install and configure appropriate bastion host services. 111y245b | |
|
q |
Modify bastion host security template to enable any services required for proper bastion host functionality. 111y245b | |
|
q |
Import the security template into the bastion host's local policy (BHLP). 111y245b |
Use the Security and Configuration Analysis snap-in to import the High Security - Bastion Host. 111y245b inf. 111y245b |
|
q |
Remove unnecessary protocols and bindings. 111y245b | |
|
q |
Secure well-known accounts. 111y245b |
Rename the built-in Administrator account, assign a complex password. 111y245b Ensure Guest account is disabled. 111y245b Change default account description. 111y245b |
|
q |
Secure service accounts. 111y245b | |
|
q |
Disable Error Reporting within the BHLP. 111y245b |
Path within DCBP: Computer Configuration\Administrative Templates\System\Error Reporting. 111y245b |
|
q |
Implement IPSec filters. 111y245b |
Modify the PacketFilters-SMTPBastionHost. 111y245b cmd file to enable appropriate bastions host functionality. 111y245b |
|
q |
Restart the server. 111y245b |
|
