Harden Windows Hosts
In this IT Pro Challenge virtual lab, you will get hands-on experience as a Windows administrator, setting up security to harden your Windows Server VM. You will learn how to configure the firewall, manage group policy security settings, configure a PPTP VPN, and set up a client VPN connection. These skills are essential for Windows Administrators.
This hands-on lab provides a Windows Server administrator with an understanding of how to configure essential security settings for your domain. You will learn how to configure a firewall policy to control access to your environment. You will then learn how to manage group policy security settings, such as account password and lockout policies. Finally, you will configure a Point-to-Point Tunneling Protocol (PPTP) Virtual Private Network (VPN) on your server and set up your client to use the new VPN connection. These skills will help you to understand fundamental security controls within a Windows domain.
Understand the scenario
You are a system administrator for a company that uses Windows servers. You need to reduce the attack surface on these servers to minimize your organization’s risk. First, you will configure firewall rules to permit inbound web traffic explicitly. Then you will configure your Group Policy security settings to match your organization’s password policy. Next, you will configure a Windows Point-to-Point Tunneling Protocol (PPTP) virtual private network (VPN) server and configure a workstation as a VPN client. Your environment contains two virtual machines on one domain. You will use a Windows Server 2016 and Windows 10 virtual machine to complete these tasks.
Configure a Windows firewall rule that allows inbound traffic:
Your first task is to gain experience managing Windows Firewall. You will build a new firewall that permits all inbound web traffic for HTTP and HTTPS (ports 80 and 443) to your server environment.
Configure Group Policy security settings:
In this task, you will configure group policy security settings that align with your company’s password policy. You will make changes to the default domain policy that set the lockout threshold for failed password attempts, sets the minimum password length requirement, and establishes the minimum password history that will minimize the vulnerability of password reuse on your domain.
Configure a PPTP VPN:
Microsoft Windows servers have built-in capability to provide point-to-point tunneling protocol (PPTP) virtual private network (VPN) service. In this section, you will use the server manager to install and configure the VPN service on your server.
Configure a client VPN connection:
In this section, you will use your Windows 10 workstation and learn how to set up a new PPTP VPN connection using the previously configured VPN service on your Windows server.
Lab Summary Conclusion:
As an administrator in a Windows Server environment, it is essential to understand the basic security controls available to you to secure your domain. This hands-on lab introduces you to very important capabilities that are native to a Windows environment. You will learn to manage your host-based firewall, which effectively minimizes the attack surface of your environment. Then you will learn how to manage group policy security settings, which enable you to enforce controls that align to strong cybersecurity policy and posture. Finally, you will learn about the native VPN capability of a Windows server. You will set up a PPTP VPN and then configure your client to use it, increasing the security of your network activity.
Other Challenges in this series
- GUIDED CHALLENGE: Configure Linux Firewall ACL Rules
- ADVANCED CHALLENGE: Can You Secure Network Access?