More Manuals:
In case you failed to obtain relevant information in this document, please, look through related operating manuals and user instructions for TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0.
Just click one of the links below to go to the selected manual:
Summary of Contents:
[Page 1] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Cisco TelePresence Management Suite Secure Server Hardening Windows Server 2003 for Cisco TMS 13.0 Product Configuration Guide D13148.08 December 2010
...
[Page 2] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Document revision history Cisco TMS Secure Server Configuration Guide 13.0 Page 2 of 34 Contents References and related documents ........................................................................................................ 5 Pre...
[Page 3] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Document revision history Cisco TMS Secure Server Configuration Guide 13.0 Page 3 of 34 Tables Table 1 Service account file ACLs ........................................................................................................ 11 Tab...
[Page 4] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Document revision history Cisco TMS Secure Server Configuration Guide 13.0 Page 4 of 34 Document revision history Revision 7 Update for Cisco TMS 12 Comprehensive update for Windows 2003 SP1 Changes Removal of Windows 2000 specific referen...
[Page 5] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
General Cisco TMS Secure Server Configuration Guide 13.0 Page 5 of 34 General References and related documents Windows Server 2003 Security Guide (Microsoft Corporation) Windows 2003 Threats and Countermeasures Guide (Microsoft Co...
[Page 6] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
General Cisco TMS Secure Server Configuration Guide 13.0 Page 6 of 34 IMPORTANT: This document does not guarantee that your server is secure from attacks even if you have applied all the changes described. Cisco is not responsible for potenti...
[Page 7] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Installation Cisco TMS Secure Server Configuration Guide 13.0 Page 7 of 34 Installation Pre-install considerations We strongly recommend installing Cisco TMS on a dedicated server. Using Cisco TMS server for other purposes or services will ...
[Page 8] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Installation Cisco TMS Secure Server Configuration Guide 13.0 Page 8 of 34 only be added to the group Users. To set permissions for users in this group b. Go to Administrative Tools > User Administration > Groups. Next click Set Perm...
[Page 9] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 9 of 34 Securing Windows Server 2003 tasks File system Ensure the file system for all hard disks is NTFS. Avoid using FAT, FAT 32 or FAT 32x file system...
[Page 10] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 10 of 34 Secure the SQL Server SQL Server 2005 installs by default in a local-only configuration designed to reduce surface area. These additional steps...
[Page 11] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 11 of 34 Table 1 Service account file ACLs Directory User/Group Permission <tms installdir>\ 1) LocalMachine\Administrators 2) SYST...
[Page 12] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 12 of 34 Directory User/Group Permission <tms installdir>\wwwTMS\Data\Image 1) LocalMachine\Administrators 2) SYSTEM 3) tmsserviceu...
[Page 13] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 13 of 34 1. Open a command prompt and navigate to the .NET 2 installation folder. This normally is C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 2. Us...
[Page 14] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 14 of 34 Remove unnecessary windows components To reduce the attack surface of the Cisco TMS server, ensure that Windows Components that are not require...
[Page 15] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 15 of 34 Component Subcomponent Include Windows Media Services N Table 3 IIS components Component Subcomponent Include B...
[Page 16] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 16 of 34 Distributed File System Secondary Logon Distributed Link Tracking Client Shell Hardware Detection Distributed Link T...
[Page 17] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 17 of 34 Uninterruptible Power Supply Volume Shadow Copy Network services In general any services not required by Cisco TMS should not be run...
[Page 18] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 18 of 34 Port Protocol Service 162 UDP SNMP traps 389 TCP LDAP 443 TCP SSL over HTTP 636 TCP Secure LDAP 4444 TCP OpenDS Admini...
[Page 19] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 19 of 34 Directory U ser/Group Permission SQL 3) SQLServer2005MSSQLUSER$Computer Name$InstanceName 3) Read &Execute \<sql direc...
[Page 20] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 20 of 34 Directory U ser/Group Permission SQL Server\90\Setup Bootstrap 2) SYSTEM 3) SQLServer2005MSSQLUSER$Computer Name$InstanceName ...
[Page 21] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 21 of 34 Table 6 Summary of audit policy settings Policy Security Setting Audit account logon events Success, Failure The ‘Audit account...
[Page 22] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 22 of 34 Policy Security Setting Act as part of the operating system (SeTcbPrivilege) Add workstations to domain (SeMachineAccountPrivilege)...
[Page 23] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 23 of 34 Policy Security Setting Generate security audits (SeAuditPrivilege) LOCAL SERVICE, NETWORK SERVICE Impersonate a client after authen...
[Page 24] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 24 of 34 Table 8 Recommended security options Policy Security Setting Accounts: Administrator account status Enabled Accounts: Guest account s...
[Page 25] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 25 of 34 Policy Security Setting Domain member: Require strong (Windows 2000 or later) session key Enabled Interactive logon: Display user inf...
[Page 26] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 26 of 34 Policy Security Setting Network access: Named Pipes that can be accessed anonymously COMNAP COMNODE SQL\QUERY SPOOLSS LLSRPC netl...
[Page 27] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 27 of 34 Policy Security Setting System cryptography: Force strong key protection for user keys stored on the computer User must enter a passwo...
[Page 28] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 28 of 34 5. Fill in AutoShareServer for Name and 0 for Value data. Screen saver Make sure that the screensaver is password protected in order to preven...
[Page 29] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing Windows Server 2003 tasks Cisco TMS Secure Server Configuration Guide 13.0 Page 29 of 34 Clear paging file at shutdown Clear the paging file at shutdown, as there is no need to have an old memory dump on disk when the system is rebo...
[Page 30] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing IIS Cisco TMS Secure Server Configuration Guide 13.0 Page 30 of 34 Securing IIS The IIS configuration installed by Windows 2003 SP2 is preconfigured to run as a secure server, disabling many services that were enabled in Windows 200...
[Page 31] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing IIS Cisco TMS Secure Server Configuration Guide 13.0 Page 31 of 34 mainstream browsers Internet Explorer and Firefox support NTLM so basic authentication should be disabled if not accessing Cisco TMS through a proxy 6 . 1. Go to Wi...
[Page 32] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Securing IIS Cisco TMS Secure Server Configuration Guide 13.0 Page 32 of 34 .stm 6. Click OK to close the dialogs. 7. When prompted about Inheritance Overrides for the child nodes, click Select All. 8. Click OK so the changes are appli...
[Page 33] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Post installation and upgrades Cisco TMS Secure Server Configuration Guide 13.0 Page 33 of 34 Post installation and upgrades Cisco TMS upgrades Due to the Cisco TMS application and its components being removed and reinstalled during upgrades...
[Page 34] TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0
Post installation and upgrades Cisco TMS Secure Server Configuration Guide 13.0 Page 34 of 34 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECO...