  1. #1

    Default Windows Firewall Configuration

    Hi all,

    I've recently got a new Windows 2008 Server (on cloud). I use this server purely as a database server running MSSQL Express. I have configured MSSQL to use a default instance and also changed the default port to reduce the number of rogue login attempts.

    As I only use this server for MSSQL traffic (and RDP connections of course), is there anything I can do to "lock down" the Windows firewall? I notice that, by default, there seem to be all sorts of service rules enabled such as...

    Core Networking - IPv6 this that and the other
    File and printer sharing - at least 8 of these enabled
    Network discovery - again, quite a few of these
    Windows communication foundation - Not a clue what that is!!

    Not really knowing what half of these rules are for it's hard to just disable them all and hope for the best. Any thoughts as to what I'd be ok to disable?

    Thanks in advance,

    Chris.

  2. #2

    Hi Chris,

    There are absolutely no problems in disabling the following services or having them blocked in the Windows firewall:

    Core Networking.
    File and printer sharing.
    Network discovery.
    Windows communication foundation.

    If you can PM me with your server's IP, I can further get it hardened.

    Rock _a.k.a._ Jack
    Windows Hosting || Windows Reseller Hosting
    Cloud Hosting 100% UPTIME! || Powerful Dedicated Servers
    Follow eUKhost on Twitter || Join eUKhost Community on Facebook

    For complaints, grievances or suggestions kindly email our FeedBack Dept.
    Proper action will be taken accordingly & instantaneously!

  3. #3

    Thanks Rock,

    I've now disabled all rules with the exception of the inbound rules for SQL Server (on non-standard port) and RDP. I actually disabled all file / printer sharing / network discovery via control panel first.

    I'll PM you a bit later on re the further "hardening" Cheers!
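
Added example, not part of the original posts: a PowerShell check for the state described in post #3, listing any enabled inbound allow rule other than the two intended TCP ports. The function names are hypothetical, and the port numbers 51433 and 53389 and the sample rules are constructed placeholders.

```powershell
# Added example. Port numbers and sample rules are constructed placeholders.
function Get-UnexpectedInboundRule {
    param(
        [Parameter(Mandatory = $true)] $Rules,
        [Parameter(Mandatory = $true)] [string[]] $AllowedTcpPorts
    )
    foreach ($r in $Rules) {
        # INetFwRule values: Direction 1 = inbound, Action 1 = allow, Protocol 6 = TCP
        if (-not $r.Enabled -or $r.Direction -ne 1 -or $r.Action -ne 1) { continue }
        # A rule is expected only if it is TCP and its port string is exactly on the allow-list
        $expected = ($r.Protocol -eq 6) -and ($AllowedTcpPorts -contains $r.LocalPorts)
        if (-not $expected) {
            # RemoteAddresses '*' means the rule accepts traffic from any address
            $r | Select-Object Name, Protocol, LocalPorts, RemoteAddresses
        }
    }
}

# Constructed stand-ins for firewall rule objects, so the check can be tried offline
function New-SampleRule($Name, $Enabled, $Protocol, $LocalPorts) {
    New-Object PSObject -Property @{
        Name = $Name; Enabled = $Enabled; Direction = 1; Action = 1
        Protocol = $Protocol; LocalPorts = $LocalPorts; RemoteAddresses = '*'
    }
}
$sample = @(
    (New-SampleRule 'SQL Server (custom port)' $true 6 '51433'),
    (New-SampleRule 'Remote Desktop (custom port)' $true 6 '53389'),
    (New-SampleRule 'File and Printer Sharing (SMB-In)' $true 6 '445'),
    (New-SampleRule 'Network Discovery (SSDP-In)' $false 17 '1900')
)
Get-UnexpectedInboundRule -Rules $sample -AllowedTcpPorts '51433', '53389'

# On the server itself, read the live rule set through the Windows Firewall COM API:
#   $live = (New-Object -ComObject HNetCfg.FwPolicy2).Rules
#   Get-UnexpectedInboundRule -Rules $live -AllowedTcpPorts '51433', '53389'
```

An empty result against the live rule set means only the two intended inbound ports are open; the RemoteAddresses column shows whether a reported rule is restricted to specific addresses.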

  4. #4

    You're most welcome...


  5. #5

    Hi Rock,

    As well as the steps I have mentioned above, I've also now changed the default RDP port (and disabled the default port in the firewall). I must admit that since I've made these changes I've not had a single failed login (event 4625).

    I know you mentioned "further hardening" in your earlier post. Just as a rough overview, what did you have in mind?

    Cheers,

    Chris.

  6. #6

    Hi Chris,

    Glad to know that you've configured these settings to secure the server.

    What I meant by further hardening was following these steps:

    • Rename the Administrator Account to something different or consider creating a dummy Administrator account instead of the default one.
    • Changing the default RDP port to something else is a good step as well.
    • Schedule automatic Windows updates & regularly apply patches.
    • Disable sharing & default shares (which I think is done).
    • Enable security auditing & do regular audits.
    • Disable dump file creation, which can cause leaking of sensitive information such as account passwords.
    • Password security: turn on 'password complexity requirements' in Group Policy, so no weak passwords are set up for any accounts. Reset the passwords regularly for all the accounts.
    • Disable the default Guest account if found to be active.
    • As you use SQL server, disable remote connections or run it on a different port & allow only your local machine's IP address into the Firewall's scope section. Same can be configured for RDP as well.

    There are a few more settings which can be configured on Email & Web services, such as reconfiguring the ports to forcefully use SSL & disable PHP functions, etc, but as you aren't using this server for that purpose, these points don't come into focus.

    Let us know if you need any further assistance on this..


  7. #7

    Thanks for those suggestions Rock. I think I've already done most of the things you suggest. I keep a regular eye on the security log so I should know pretty soon if any rogue logins have been attempted.

    One thing that has confused me a bit is that you say to enable windows updates? I was told by a chap on live chat that you shouldn't do this on a VPS? (Yes I know I'm posting in the dedicated forum! lol). The server is on HyperV (cloud), I just thought that this forum would be a better place to ask about the firewall.

    I know you suggest disabling the remote access to SQL Server but as this server is purely a database server (for remote access) I need to have remote access by many clients, many with dynamic IPs so unfortunately there's not much I can do about limiting IPs. I have changed the default port though and ensured that all accounts have strong passwords etc.
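
Added example, not part of the original posts: one way to make the "regular eye on the security log" repeatable, by counting failed logons (event 4625) per source address, account and logon type. The function names are hypothetical and the sample events are constructed.

```powershell
# Added example. Sample events below are constructed, not taken from a real log.
function Get-FailedLogonSummary {
    param([Parameter(Mandatory = $true)] [string[]] $EventXml)
    $rows = foreach ($xml in $EventXml) {
        $evt = ([xml]$xml).Event
        if ($evt.System.EventID -ne '4625') { continue }
        # Flatten the <Data Name="..."> elements into a lookup table
        $d = @{}
        foreach ($n in $evt.EventData.Data) { $d[$n.Name] = $n.'#text' }
        New-Object PSObject -Property @{
            Source    = $d['IpAddress']
            Account   = $d['TargetUserName']
            LogonType = $d['LogonType']   # 10 = RemoteInteractive (RDP), 3 = network
        }
    }
    # Repeated failures from one source rise to the top of the list
    $rows | Group-Object Source, Account, LogonType |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Builds a minimal 4625 event in the same XML shape that EventLogRecord.ToXml() returns
function New-Sample4625($Ip, $User, $Type) {
    $template = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">' +
        '<System><EventID>4625</EventID></System><EventData>' +
        '<Data Name="TargetUserName">{1}</Data><Data Name="LogonType">{2}</Data>' +
        '<Data Name="IpAddress">{0}</Data></EventData></Event>'
    $template -f $Ip, $User, $Type
}
$sample = @(
    (New-Sample4625 '203.0.113.7' 'Administrator' '10'),
    (New-Sample4625 '203.0.113.7' 'Administrator' '10'),
    (New-Sample4625 '203.0.113.7' 'Administrator' '10'),
    (New-Sample4625 '198.51.100.24' 'sqladmin' '3')
)
Get-FailedLogonSummary -EventXml $sample

# On the server itself, feed it the live Security log:
#   $xml = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } |
#            ForEach-Object { $_.ToXml() })
#   Get-FailedLogonSummary -EventXml $xml
```

Failed SQL Server authentication logins are recorded by SQL Server itself as error 18456 in the Application log and the SQL Server error log, not as event 4625, so the database port needs its own check.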

  8. #8

    Hi Chris,

    Glad to know that you've already carried out certain steps towards securing your server. Ahh & so this is a HyperV server, but I've seen no problems with applying Windows Updates on such kind of servers. Let us know if you want us to do the updates for you.


  9. #9

    Hi Rock,

    I've no problems enabling Windows update myself it's just that up to now I've been under the impression that all critical updates were performed "on the node" and that any updates required were all done by eUK anyway??

    If you're saying that I should actually use Windows update myself on the guest OS then I'll certainly give it a go.

    I might start a new thread in the VPS forum and ask people's opinion on this, see if anyone's had any problems with enabling updates on HyperV.

    Cheers,

    Chris.

  10. #10

    Hi Chris,

    There're absolutely no problems with updating HyperV or VMWare based VPSes from the Guest OS. Regarding the Virtuozzo ones, we do all the necessary updates on the host server itself.


  11. #11

    Hi,

    Well I enabled Windows Update and it successfully installed 72, yes 72 updates!!

    I was unable to access the server via RDP after the initial reboot following the updates (did wait a good half hour for it to boot) but a quick chat with support got it rebooted at the node and all seems well now.

    Thanks for your help on this Rock!

  12. #12

    You're welcome Chris


  13. #13

    hmmm! great info!
    I was suffering from a problem with my window, but after reading your post it is solved now. Thanks...


  14. #14

    I'm happy to know that this post has helped you & others.
