A security suite for Windows server 2012? Any suggestions?

[ravi prakash saini]

Hello fellow members
I need your advice regarding security suite for Windows server 2012. It should be setup and forget type, and have a competitive price also.
May I also request you all to keep in the mind I do not have any experience regarding server edition of Windows

 

[BoraMurdar]

F-Secure, ESET, Kaspersky and Sophos have some good security products for Windows servers, just, keep it mind that, server needs a constant administrator(s) monitoring so "setup and forget" type could backfire easily.

 

[In2an3_PpG]

The company i work for uses Vipre Business. We hardly ever touch it other than to add or remove clients. As for pricing i'm not really involved in pricing but it does not seem too outrageous.

We have about 25 servers ranging from 2008 to 2012 (soon an addition of a new Domain Controller running 2016) that have vipre installed. I'd say over the past 5 years we have used them, only once or twice have we needed to log into the dashboard to make exclusions or changes to some of the servers. Light footprint. Id say its pretty much set and forget. Which is what i believe the company aims for.

 

[212eta]

Kaspersky has been reliable enough for many Windows Servers.

 

[ravi prakash saini]

thanks for the help I will install trial version of F-Secure, ESET, Kaspersky , Sophos and viper to check which suit most to our server.
thanks again for reducing my work casue I will have to check only 5

 

[509322]

thanks for the help I will install trial version of F-Secure, ESET, Kaspersky , Sophos and viper to check which suit most to our server.
thanks again for reducing my work casue I will have to check only 5

You are better off configuring software restriction policies via Group Policy. I know it is a pain.

It depends somewhat upon what features and roles you will be installing.

If you aren't going to run a ton of scripts, then lock all that stuff down. Servers are typically breached - and then all the usual stuff (cmd, powershell, etc) is abused to go laterally in the network.

Emsisoft Antimalware for Servers is $100 U.S.

I am not sure, but perhaps the CylancePROTECT $60 license will work on Server 2012 R2.

 

[ravi prakash saini]

@Lockdown server will be connected to around 10 system through LAN and none of these system including server will be contacted to internet .my main concern is infection through usb drive

 

[509322]

@Lockdown server will be connected to around 10 system through LAN and none of these system including server will be contracted to internet

So using only LAN and server will be for file sharing.

Server and workstations > not connected or never will be connected to the internet ?

However, workstation users will load stuff onto the server ?

People will connect USBs, etc to the workstations ?

 

[ravi prakash saini]

@Lockdown yes,people will connect usb to workstation
workstation user will load and offload data from server
server and workstation will see the internet for updates and during that time they will not be connected to each other

 

[509322]

@Lockdown yes,people will connect usb to workstation
workstation user will load and offload data from server
server and workstation will see the internet for updates and during that time they will not be connected to each other

What will workstations be used for - coding\development, office\productivity ?

If productivity, which office suites\programs will be used - and will macros be used ?

You have a problem with infected USBs in your part of the world - it's a big problem ?

You plan on\expect to run scripts heavily on server ?

 

[ravi prakash saini]

coding\development, office\productivity ?
for gps processing
If productivity, which office suites\programs will be used - and will macros be used ?
MS Office 2007 for making report and macros will not be used
You have a problem with infected USBs in your part of the world - it's a big problem ?
this is my biggest problem
You plan on\expect to run scripts heavily on server ?
we will run script heavily

 

[509322]

coding\development, office\productivity ?
for gps processing
If productivity, which office suites\programs will be used - and will macros be used ?
MS Office 2007 for making report and macros will not be used
You have a problem with infected USBs in your part of the world - it's a big problem ?
this is my biggest problem
You plan on\expect to run scripts heavily on server ?
we will run script heavily

for gps processing = global processing services ?

You want protection for server-only or one that includes workstations also ?

You will be writing the scripts ? (Don't just grab scripts off the net without auditing them first before using - there are malicious scripts on GitHub, Pastebin, elsewhere.)

You know how to digitally sign scripts ?

Your boss make you IT security czar and everybody must do as you say - and boss will not over-rule your decisions ?

What are the most common types of USB malware that you know of or see regularly ?

You will use terminal services\RDS to remotely connect from server to workstations or workstations to server ?

What kind\type of scripts do you plan\expect to run ?

 

[ravi prakash saini]

1 locally installed software on workstation
2 for server only workstation are protected with quick heal total security
3 scripts those come with gps processing software just to use cpu and ram of the server no self written or downloaded scripts
4 I am IT security czar that is why I am bothering you
5 usb malware who hides folder
6 just to dump gps data to server and to retrieve it to workstation
server will have MS Office and security suite only
workstations are having Trimble business center ,Leica geo office ,Bernese 5.2 and MS Office

 

[509322]

5 usb malware who hides folder

Resides or creates a hidden folder on the USB even when you set Windows to Explorer to show hidden files, extensions, and protected system processes ?

Or when the malware is launched it messes with Explorer view properties and turns off the settings you made in View ?

Autorun.inf malware ?

 

[ravi prakash saini]

Resides or creates a hidden folder on the USB even when you set Windows to Explorer to show hidden files, extensions, and protected [/QUOTE
So far not encountered some praiseworthy usb malware they are very easy to remove but anytime some genious malware can accomplish its task
can you give some suggestions if I encrypt the data files on server
main concerns is data files they should not be deleted or encrypted by malware

 

[509322]

Send me a PM here at MT. I will help you. It might take a few days. I will need some more details.

Based upon what you have told me, you want only data files\document files to come off the USB onto the system. If you control what the USB can and cannot do when connected to the workstation, then most of your problem is solved.

You can use freeware USBFlashDrive Control from Binisoft.org. Set it to Read-Only mode on the workstations. Users can copy documents\database files and paste them to the workstation. They cannot open anything from the USB itself.

The problem is that you cannot password protect the settings - so you will have to teach users not to mess with the settings. If you do not explain anything else, they probably will not figure out that you have to disconnect and reconnect it after making a policy change. So they probably will not figure out how to change the settings.

Also, they cannot copy the entire drive contents and paste to the workstation - they must copy-paste only the specific files that they need. So there is some reliance on the workstation user always doing the right thing.

Also, there is freeware SRP that you can install on workstation windows. Set up policies to prevent launches on USB and desktop other than documents\database files. This is added protection when the user gets lazy and just copies the entire USB contents to the desktop or other user space location.

That way you have a primary, secondary and tertiary protection in-place = Binisoft USBFlashDrive Control, SRP and Quickheal.

I assume you will have workstations set to use Standard User Account with enforced, password protected UAC.

As for server protection I will need more details and have to think on it. A lot depends upon what kind of scripts the softs employ - .ps1, .js, .bat, .wsf, etc, etc.

 

[ravi prakash saini]

@Lockdown i am grateful to you for your patience and time .i will try to write everything in details and then pm you.
time is not the problem if you are having tight shedule I can make everyone in the office to wait even for months
I am IT czar courtesy to you all

 

[509322]

@Lockdown
I am IT czar

It is good to be king... but the king has a king's problems = problems most people do not want to be responsible for fixing.

I would settle for king - if they paid me a king's wages = collected taxes on the entire kingdom.

Big kingdom = big taxes = I'm rich !