Preparing a Windows server for a SDR
If you're preparing your Windows server for a Security Design Review (SDR), one of the key steps involves facilitating a Nessus vulnerability scan by the Information Security Team. To ensure this scan runs successfully, you'll need to make specific changes to the Inbound Rules in your Windows Firewall.
Access Windows Firewall Settings:
Go to the Control Panel on your Windows server.
Click on 'Windows Firewall' and then select 'Advanced settings'. This will open a detailed settings panel for firewall configurations.
Locate Inbound Rules:
In the Advanced settings, navigate to the 'Inbound Rules' section. This is where you'll modify rules to accommodate the Nessus vulnerability scan.
Enable Key Rules:
Within the Inbound Rules, scroll to find the Windows Management Instrumentation (WMI) rules.
Specifically, enable the following rules: 'Async-In', 'DCOM-In', and 'WMI-In'. These are essential for the Nessus scan to communicate with your server.
Ensure that these rules are enabled for the Domain Profile.
Limit Rules to the Nessus Server:
Right-click on each of the rules you have just enabled (Async-In, DCOM-In, WMI-In).
Choose 'Properties' from the context menu.
In the Properties window, select the 'Scope' tab.
Under 'Remote IP address', choose 'These IP addresses'.
Click 'Add' and enter the IP address for the Nessus server (e.g., 172.16.76.66).
After adding the IP address, click 'Apply' and then 'OK' to save your changes.
By following these steps, you’ll have successfully configured your Windows server's firewall to support the Nessus vulnerability scan, which is a critical component of the SDR process. This setup ensures that the Information Security Team can conduct their review efficiently and effectively.