Apply Appropriate File Acls; Table 5 Required Program Exceptions - Cisco TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0 Configuration Manual
Hardening windows server 2003 for cisco tms 13.0
Hide thumbs
Also See for TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0:
- Troubleshooting manual (16 pages)
Table of Contents
Advertisement
Port
Protocol
162
UDP
389
TCP
443
TCP
636
TCP
4444
TCP
8989
TCP
In addition, exceptions have to be made for some of the Cisco TMS services to ensure that incoming
traffic on the ports that Cisco TMS services listen to are not blocked.
1.
Click Add Program.
2.
Click the browse button.
3.
Navigate to [INSTALLDIR]\TANDBERG\TMS\Services, where INSTALLDIR is the directory
where you installed Cisco TMS.
4.
Select the service .exe files as shown below.
Table 5 Required program exceptions
Service executable
TMSDatabaseScannerService.exe
TMSLiveService.exe
TMSPLCMDirectoryService.exe
TMSSNMPService.exe
If you are using Remote Desktop for remote management of the server, you need to add an exception
for port 3389/TCP. This is, however, a security risk. If practical, you can reduce this risk by only
allowing traffic on port 3389 from particular IP addresses or the local subnet. This is done by selecting
the exception and clicking on Edit and then Change scope.
Apply appropriate file ACLs
A clean install of Windows Server 2003 has secure ACLs on the file system. To secure the server
even further give the following access permissions to the different user groups. Verify the settings
against this list. Do not set Root(\) permissions recursively, as this will have the undesired effect of
permissions being inherited by all sub directories.
Note: SQL Directories will vary based on your installation so full paths are not shown here.
Directory
Root (\)
(...)
\Program Files (...)
\<sql
directory>\MSSQL.1
\<sql
directory>\MSSQL.1\MS
Cisco TMS Secure Server Configuration Guide 13.0
Service
SNMP traps
LDAP
SSL over HTTP
Secure LDAP
OpenDS Administration
OpenDS Replication
Ports listened to
8086/TCP and 1025/TCP
8085/TCP
3601/TCP
2009/UDP
User/Group
1) LocalMachine\Administrators
2) SYSTEM
3) LocalMachine\Users
1) LocalMachine\Administrators
2) SYSTEM
1) LocalMachine\Administrators
2) SYSTEM
3) SQLServer2005MSSQLUSER$Computer
Name$InstanceName
1) LocalMachine\Administrators
2) SYSTEM
Securing Windows Server 2003 tasks
Permission
1) Read & Write
2) Read &Execute
3) Read
1) Full
2) Full
1) Full
2) Full
3) Read &Execute
1) Full
2) Full
Page 18 of 34
Advertisement
Table of Contents
Need help?
Do you have a question about the TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0 and is the answer not in the manual?