This article applies to:
OS: Windows 2008 R2
Product edition: inSync On-Premises
This procedure provides the hardening steps for inSync server storage node running on Windows 2008 R2.
Procedure
Druva inSync Server Hardening steps for inSync Master/storage Node running on 2008 R2:
Log on to the server as an Administrator and launch the Server Manager console.
Click Run Security Configuration Wizard link present under Security Information.
Click Next on the welcome page of the Security Configuration Wizard.
Select Create a new security policy on the Configuration Action page.
Retain the existing server and click Next.
Click Next when the Processing Security Configuration Database page displays Processing complete.
On Role-Based Service Configuration page, click Next.
Ensure Remote SCW configuration and Analysis role are selected and clear the rest, then click Next.
Remote SCW Configuration and analysis role is required only when you want to manage the Security configuration centrally/remotely.
On the Select Client Features page, select the following and click Next.
On the Select Administration and Other Options page, select the following and clear the remaining options.
On the Select Additional Services page, select the following checked and clear the remaining.
On the Handling Unspecified Services page, select Disable the service and click Next.
Click Next on the Confirm Service Changes page.
Click Next on the Network Security page.
Select the following rules and clear the rest on the Network Security Rules page.
Core Networking – DNS (UDP-Out)
Core Networking – IPHTTPS (TCP-In)
Core Networking – IPHTTPS (TCP-Out)
File and Printer Sharing (SMB-Out)
Click Add and add the rules to allow incoming TCP for Backup/Sync port (e.g.2081) and Admin UI port (e.g. 2088) on all connections.
Click Add again and add the rule allow ICMP (ping) only from inSync Master and click Next.
Select the Skip this section on the Registry Settings page and click Next.
Select Skip this section on the Audit Policy page and click Next.
AuditPolicyPg2.pngClick Next on the Save Security Policy page.
On Security Policy File Name page:
Select Apply Now and click Next.
After the application is complete, click Next on the Applying Security Policy page.
Click Finish and restart the server.