June 2024

CIS Microsoft Windows Server 2022 Benchmark v1.0.0

In February 2022, the Center for Internet Security (CIS) released the Microsoft Windows Server 2022 Benchmark v1.0.0, which includes over 50 new features, Group Policy Objects (GPOs), capabilities, and services. The document compares Server 2019 and Server 2022 for their similarities and differences, as well as Windows 11 and Windows 10.

Creating symbolic links - Like shortcuts but better

The Create symbolic links user right determines a user's ability to create a symbolic link within Windows from the device they're logged on to. These links point to other files or folders, just like regular shortcuts, but work in a more advanced way. Symbolic links help maintain organization and flexibility while minimizing potential security risks: a link created in one folder can point to a file in a different folder, making it seem like the file exists in both places.

Configuring Maximum Security Log Size

Setting the maximum log size for event logs is crucial for your security policy. Proper configuration helps detect attacks and investigate their sources. Insufficient storage can result in information loss and undetected breaches. This article covers everything you need to know about configuring maximum security log size. Server hardening can be labor-intensive and costly, often causing production issues.

How to Automate IIS Hardening Script with PowerShell

IIS hardening can be a time-consuming and challenging process. PowerShell can help you achieve hardened IIS security settings to some extent, but it still requires hours of testing to ensure that nothing is broken. CSS by CalCom can automate the IIS hardening process with its unique ability to “Learn” your network, eliminating the need for lab testing while ensuring zero outages to your production environment.

The Complete System Hardening Guide

System hardening involves identifying and addressing security vulnerabilities across hardware, firmware, software, applications, passwords, and processes. Compatibility allows most applications to work smoothly, but securing a system requires additional steps known as system hardening best practices, which are crucial for protection against advanced threats. Microsoft emphasizes server security and provides comprehensive hardening techniques and best practices tailored to various platforms.

Windows Server 2022 CIS Hardening Script Recommendations

In February 2022, the Center for Internet Security (CIS) released the CIS Microsoft Windows Server 2022 Benchmark v1.0.0, providing security best practices for establishing a secure configuration and a hardening guide for Microsoft Windows. Following this release, CIS updated its recommendations for older operating systems, extending back to Windows Server 2008 where applicable. Below we discuss the CIS Windows Server 2022 hardening script recommendations we feel are critical.

Default Permissions in SQL Server Public Role - permission not granted

In SQL Server, roles act like security groups that control what users can do within the database environment. Roles define the access groups that determine who can access specific databases and what they can do with the data within those databases. The public role is a special database role that everyone is assigned by default when they become a member of a database. By default, the public role has very limited permissions, often no permissions at all.

The Public Role in the MSDB Database, No Proxies Allowed

SQL Agent proxies are a form of built-in service that allows the scheduling and running of automated tasks within SQL Server. These tasks can perform various actions related to database management. The msdb database is a crucial system database in Microsoft SQL Server that primarily serves SQL Server Agent. It stores information related to SQL Agent jobs, including their configuration and execution history, as well as vital system tables and data.

Privacy Act 1988 Australia

The response in September 2023 by the Australian government outlined reforms to the existing Privacy Act 1988 from the Office of the Australian Information Commissioner (OAIC). These reforms aim to bring Australian privacy laws up to date with the digital age and give citizens more control over their personal information, which may affect your business starting in 2024.

IIS Host headers - One host, many headers

Most websites do not have their own individual server; instead, they share a server with multiple other websites and applications. All websites hosted on this server will therefore have the same IP address. This can be problematic, as the server can't tell which website to serve if many websites are hosted on the same IP address and port. It will serve the default website regardless of the requested domain.

Directory Browsing IIS - keep it behind closed doors

A website directory, also known as a virtual directory, functions similarly to a folder on a local machine. However, it exists on the web server's file system and provides a structured and secure way to organize website content on an IIS server. Website directories act as logical containers for all the files that make up your website, including HTML pages, images, scripts, music, configuration files, and application binaries. Permissions assigned to directories control access to their contents.

Access Credential Manager Trusted Callers and ICAM: Windows Security

Windows Credential Manager securely stores and manages user credentials such as usernames, passwords, and certificates. These credentials are often used to access various resources, including network shares, websites, and applications, facilitating access to information and managing digital identities.

Generate Security Audits - What you need to know

The Generate Security Audits security policy setting determines which accounts can be used by a process to generate audit records in the Security log. When certain events occur, such as unauthorized access to a computer, file and folder access attempts, and security policy changes, the Local Security Authority Subsystem Service (LSASS) writes these events to the log. The information in the Security log can be used to trace any unauthorized access to the system.