As part of a hardening effort, it is a good idea to apply the Microsoft Security Baselines published by Microsoft to your own server landscape.
This will inevitably have an impact on PKI components. The following is an overview of the expected effects and the corresponding countermeasures.
Auditing settings
The security baselines bring their own auditing policy, which does not include any settings for the certification authority (see the article "Standard auditing rules for Windows Server operating systems" for a comparison with the standard auditing rules).
The certification authority-specific audit settings must therefore be applied separately to the certification authorities and their associated services. See the article "Configuration of security event monitoring (auditing settings) for certification authorities".
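The following PowerShell check is an added example and not part of the original article. It verifies the two things the baselines leave untouched on a certification authority: the CA's own AuditFilter registry value (a bitmask in which 127 enables all seven CA audit categories) and the "Certification Services" audit subcategory, without which the CA writes no audit events at all. It assumes the CA role is installed on the machine where it runs and that the active CA instance name is stored in the CertSvc configuration key's `Active` value; the function name `Get-CaAuditStatus` is my own.

```powershell
# Added example (not from the original article): report whether a certification
# authority's audit settings are in place, since the Security Baseline auditing
# policy does not cover them. Run in an elevated PowerShell session on the CA host.
# Assumption: the CA role is installed locally and the active instance name is
# stored under HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\Active.

function Get-CaAuditStatus {
    $configKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
    if (-not (Test-Path $configKey)) {
        throw "CertSvc configuration key not found; is the CA role installed on this host?"
    }

    # The 'Active' value names the CA instance whose subkey holds AuditFilter.
    $caName = (Get-ItemProperty -Path $configKey -Name 'Active').Active
    $caKey  = Join-Path $configKey $caName

    # AuditFilter is a bitmask: 1 start/stop service, 2 backup/restore, 4 issue and
    # manage requests, 8 revoke/publish CRL, 16 change CA security settings,
    # 32 archived key operations, 64 change CA configuration. 127 enables them all.
    $auditFilter = (Get-ItemProperty -Path $caKey -Name 'AuditFilter' -ErrorAction SilentlyContinue).AuditFilter
    if ($null -eq $auditFilter) { $auditFilter = 0 }

    # The CA only emits its audit events when the 'Certification Services'
    # subcategory (Object Access) is enabled in the effective audit policy.
    # auditpol /r prints CSV, so the result can be parsed directly.
    $auditpolRow = auditpol /get /subcategory:"Certification Services" /r | ConvertFrom-Csv
    $inclusion   = $auditpolRow.'Inclusion Setting'

    [pscustomobject]@{
        CAName             = $caName
        AuditFilter        = $auditFilter
        AllCategoriesSet   = ($auditFilter -eq 127)
        SubcategorySetting = $inclusion
        SubcategoryEnabled = ($inclusion -eq 'Success and Failure')
    }
}

$status = Get-CaAuditStatus
$status | Format-List

if (-not $status.AllCategoriesSet) {
    Write-Warning ("AuditFilter is {0}, expected 127. Remediate with: certutil -setreg CA\AuditFilter 127 " +
                   "and restart the CertSvc service.") -f $status.AuditFilter
}
if (-not $status.SubcategoryEnabled) {
    Write-Warning ("Subcategory 'Certification Services' is '{0}'. Enable success and failure auditing " +
                   "for it in the Advanced Audit Policy Configuration of the GPO that carries the baseline.") -f $status.SubcategorySetting
}
```

Because the baselines are usually delivered through Group Policy, setting the subcategory locally with `auditpol /set` is not durable: the Advanced Audit Policy settings from the GPO win on the next refresh. The subcategory therefore belongs in the GPO (or a dedicated CA GPO linked with higher precedence), while the AuditFilter value is CA configuration and is set on the CA itself.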
Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the functionality of the certification authority and enables the application of rules to achieve secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can be downloaded via GitHub and used free of charge. Professional maintenance is also offered.
Windows security permissions
- For the Certificate Enrollment Policy Web Service, see the article "Required Windows security permissions for the Certificate Enrollment Policy Web Service (CEP)".
- For the Certificate Enrollment Web Service, see the article "Required Windows security permissions for the Certificate Enrollment Web Service (CES)".
- For the Network Device Enrollment Service, see the article "Required Windows security permissions for the Network Device Enrollment Service (NDES)".
- For Certificate Authority Web Enrollment, see the article "Windows security permissions required for Certificate Authority Web Enrollment (CAWE)".
Other
- The security baselines include rules that prevent outdated browsers (Internet Explorer) or browsers not desired by Microsoft (Google Chrome, Mozilla Firefox) from running. If these browsers are in use, the configuration must be adjusted accordingly.