SCCM 2007 – Best Practices for Securing Site Systems

Best Practices for All Site Systems

  • Use role separation on site
  • Reduce the attack profile     
  • Run the Security Configuration Wizard on all site systems    
  • Use NTFS for all site systems    
  • Do not remove the admin$ share on site systems   
  • Closely monitor Internet-based site settings on site systems   
  • Configure static IP addresses for site systems  
  • Use FQDN server names   
  • Do not install other services that use the Local System account   

Best Practices for Site Server

  • Install Configuration Manager 2007 on a member server instead of a domain controller   
  • Install secondary sites at the secondary site server instead of using push installation    

Best Practices for SQL Server

  • Use a dedicated SQL Server for each site   
  • Do not use the Configuration Manager site database server to run other SQL Server
  • Configure SQL Server to use Windows Authentication
  • Install Configuration Manager and SQL Server on the same computer
  • Follow security best practices for SQL Server: http://go.microsoft.com/fwlink/?LinkId=95071

Best Practices for Site Systems Requiring IIS

  • Disable IIS functions that you do not require
  • Do not put the site server on a computer with IIS
  • Use dedicated IIS servers for Configuration Manager

Best Practices for Management Points

  • In a single site hierarchy that requires trusted root key authentication, always use a separate management point   
  • If this site system role is configured in a perimeter network, configure the site server to retrieve the data from the site system   
  • Use the fewest management points possible   

Best Practices for Fallback Status Point

  • Do not co-locate any other site system roles with the fallback status point   
  • Do not install the fallback status point on a domain controller    
  • In native mode, deploy the fallback status point prior to deploying clients    
  • Avoid using the fallback status point in the perimeter

Best Practice for Server Locator Point

  • Do not put a server locator point in the perimeter

Citation

Best Practices for Securing Site Systems
http://technet.microsoft.com/en-us/library/bb694127.aspx
