MICROSOFT PROXY SERVER SECURITY CHECKLIST

The following checklist provides a baseline configuration for Microsoft Proxy Server. It does not specify organizational security policy. This must be determined individually by each organization. Deviation from this checklist should be justified by the organization's requirements, and documented in the Comments Section.

Procedure | Yes | No | N/A | Comments
 
Install MS Proxy Server on an NTFS partition separate from the NT Server OS.
The Enable IP Forwarding check box in the Network application should not be selected.
Use NTFS volumes.    
Run only the services you need.    
The host server should be a standalone member server, not a domain controller.    
In the TCP/IP Configuration, references to DNS servers and to gateways should be removed.    
The FTP server in IIS should be disabled or not installed at all.    
Unbind unnecessary services from the NIC.    
Check permissions on network shares.    
No other applications should run on the host server.    
All network drive mappings on the host server should be disabled.    
Enable auditing.    
Limit the membership of the Administrator group.    
Enforce strict account policies.
Disable the following external TCP/IP ports:
  • 47
  • 137-139
    
Install all approved Service Packs and patches.    
 
WinSock Proxy Service
  • Service tab: Limit the configuration of the LAT to the range of addresses in the internal network
  • Permissions tab: Enable access control; grant access to protocols necessary for operating the organization
  • Logging tab: Logging enabled; Regular logging selected; Log to File selected; Automatically open new log (daily) selected
  • Filtering tab: Apply the organization's filtering policy
    
 
Web Proxy Service
  • Service tab: Limit the configuration of the LAT to the range of addresses in the internal network; Internet publishing not enabled
  • Permissions tab: Enable access control for all protocols; access granted to selected users
  • Logging tab: Logging enabled; Regular logging selected; Log to File selected; Automatically open new log (daily) selected
  • Filtering tab: Apply the organization's filtering policy
    

B. Use the Administrator's Handbook to determine how to perform the verification.