Microsoft baseline security analyzer, Additional security recommendations – Dell PowerVault DP500 User Manual


Security Recommendations

The success of a server certificate as a means of identification depends on
whether the user trusts the validity of information contained in the
certificate. For example, a user logging on to your company’s website might
be hesitant to provide credit card information, despite having viewed the
contents of your company's server certificate. This might be especially true if
your company is new and not well known.

For this reason, certificates are sometimes issued and endorsed by a mutually
trusted, third-party organization, called a Certification Authority. The
certification authority’s primary responsibility is confirming the identity of
those seeking a certificate, thus ensuring the validity of the identification
information contained in the certificate.

Alternatively, depending on your organization's relationship with its website
users, you can issue your own server certificates. For example, in the case of a
large corporate intranet handling employee payroll and benefits information,
corporate management might decide to maintain a certificate server and
assume responsibility for validating identification information and issuing
server certificates.

Microsoft Baseline Security Analyzer

Use the Microsoft Baseline Security Analyzer (MBSA) to search for any
security vulnerabilities. MBSA scans Windows-based servers for common
security misconfigurations. The tool scans the operating system and other
installed components, such as Internet Information Services (IIS). MBSA also
checks systems for missing security patches, and recommends critical security
patches and fixes.

Additional Security Recommendations

In addition to the practices mentioned in “Standard Security
Recommendations,” Dell recommends the following practices to ensure security:

Format all volumes as NTFS.

Disable automatic log on.

Disable the guest account.

Do not install IIS sample applications.

Disable parent paths.

Move the Microsoft Active Directory Connector and scripts virtual
directories from the default website to another location.
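
A read-only check of the first three items in the list above, added here as an example; it is not from the Dell manual. It assumes Windows PowerShell 2.0 or later (for `Get-WmiObject`) run as a local administrator, and the function names are hypothetical. The IIS items are not covered.

```powershell
# Added example: read-only audit of three checklist items.
# Assumes Windows PowerShell 2.0+ (Get-WmiObject), run as a local administrator.

function New-Result($Check, $Pass, $Detail) {
    New-Object PSObject -Property @{ Check = $Check; Pass = $Pass; Detail = $Detail }
}

function Test-NtfsVolumes {
    # DriveType 3 = local fixed disk
    $bad = @(Get-WmiObject -Class Win32_LogicalDisk -Filter "DriveType=3" |
             Where-Object { $_.FileSystem -ne 'NTFS' })
    $detail = ($bad | ForEach-Object { "$($_.DeviceID) is '$($_.FileSystem)'" }) -join '; '
    New-Result 'All volumes formatted as NTFS' ($bad.Count -eq 0) $detail
}

function Test-AutoLogonDisabled {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $w = Get-ItemProperty -Path $key
    # AutoAdminLogon = "1" turns automatic logon on. DefaultPassword, if present,
    # holds the logon password in clear text, so its presence is reported too.
    $enabled = ($w.AutoAdminLogon -eq '1')
    $stored  = ($null -ne $w.DefaultPassword)
    $detail  = "AutoAdminLogon='$($w.AutoAdminLogon)'; DefaultPassword present: $stored"
    New-Result 'Automatic logon disabled' (-not $enabled) $detail
}

function Test-GuestDisabled {
    # The built-in Guest account keeps a SID ending in -501 even when renamed.
    $guest = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
             Where-Object { $_.SID -like 'S-1-5-21-*-501' }
    if (-not $guest) {
        return New-Result 'Guest account disabled' $false 'Built-in Guest account not found'
    }
    New-Result 'Guest account disabled' ([bool]$guest.Disabled) "Name='$($guest.Name)'"
}

# Run all three checks and show one row per checklist item.
@(Test-NtfsVolumes; Test-AutoLogonDisabled; Test-GuestDisabled) |
    Format-Table Check, Pass, Detail -AutoSize -Wrap
```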
