Wednesday, August 6, 2025

Set Up Network Security and Segmentation on Windows Servers

Below is a step-by-step guide for:

✅ 2. Set Up Network Security and Segmentation

(Including methods for GUI, PowerShell, and basic automation)
Covers:

  • 🔒 Firewall Rules

  • 👤 Least Privilege Access

  • 🔐 Multi-Factor Authentication (MFA)

  • 📊 Logging & Monitoring


🔹 Part 1: Configure Windows Firewall Rules (to Isolate Clients)

Method A: Using Windows Defender Firewall with GUI

  1. Go to Start > Windows Defender Firewall with Advanced Security

  2. Click Inbound Rules > New Rule

  3. Choose Custom, then:

    • Program: All Programs

    • Protocol & Ports: Specify (e.g., TCP, port 3389 for RDP)

    • Scope: Define Local IP & Remote IP ranges (e.g., client subnets)

    • Action: Allow or Block

    • Profile: All (or choose Domain/Private)

    • Name: Client1_RDP_Block or something descriptive

  4. Click Finish

  5. Repeat for Outbound Rules if needed.

🔁 Create different rules for each client IP subnet.


Method B: PowerShell (Advanced)

```powershell
# Example: Block RDP (port 3389) for a specific subnet
New-NetFirewallRule -DisplayName "Block RDP for Client2" `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -RemoteAddress 192.168.20.0/24 -Action Block
```

Change -Action Block to -Action Allow to permit traffic, and set -RemoteAddress to each client's subnet. Windows Firewall evaluates Block rules before Allow rules, so an explicit Block for a subnet wins even when a broader Allow rule (such as the built-in Remote Desktop rules) matches the same traffic. A design that allows RDP only from a management subnet and leaves the profile default at Block is easier to audit than a long list of per-client exceptions.


Method C: Using Group Policy

  1. Open Group Policy Management

  2. Right-click the target OU > Create a GPO in this domain, and Link it here (e.g., "Client1 Firewall Rules")

  3. Edit GPO > Go to:
    Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security

  4. Define Inbound/Outbound rules the same way as in the GUI

  5. Confirm the GPO is linked to the client's OU and run gpupdate /force on a member server to verify the rules appear in wf.msc
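The three methods above all produce the same rule set, so here is the whole Part 1 procedure as one PowerShell script: an explicit profile default of Block with drop logging, a single Allow for RDP from a management subnet, one explicit Block per client subnet, and a verification step that prints each rule's port and remote scope. This is an added example, not code from the original post; the subnets (10.0.0.0/24 for management, 192.168.10.0/24 and 192.168.20.0/24 for Client1 and Client2) and the rule group name "Segmentation" are hypothetical and should be replaced with your own.

```powershell
# Added example (not from the original post): segment RDP access per client subnet.
# Assumptions (hypothetical addresses): the management/jump subnet 10.0.0.0/24 is the only
# source allowed to reach RDP; client subnets are 192.168.10.0/24 (Client1) and
# 192.168.20.0/24 (Client2). Run in an elevated PowerShell session on the server.

$MgmtSubnet    = '10.0.0.0/24'
$ClientSubnets = @{
    'Client1' = '192.168.10.0/24'
    'Client2' = '192.168.20.0/24'
}

# 1. Make the profile default explicit: inbound is blocked unless a rule allows it,
#    and dropped packets are written to the firewall log for later review.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -Enabled True -DefaultInboundAction Block `
    -LogBlocked True `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log' `
    -LogMaxSizeKilobytes 32767

# 2. Allow RDP only from the management subnet (idempotent: skip if the rule exists).
if (-not (Get-NetFirewallRule -DisplayName 'Allow RDP from Mgmt' -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName 'Allow RDP from Mgmt' -Group 'Segmentation' `
        -Direction Inbound -Protocol TCP -LocalPort 3389 `
        -RemoteAddress $MgmtSubnet -Action Allow -Profile Domain,Private | Out-Null
}

# 3. One explicit Block per client subnet. Block rules win over Allow rules regardless of
#    creation order, so these also override the built-in "Remote Desktop" allow rules
#    if someone enables them later.
foreach ($client in $ClientSubnets.Keys) {
    $name = "Block RDP from $client"
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Group 'Segmentation' `
            -Direction Inbound -Protocol TCP -LocalPort 3389 `
            -RemoteAddress $ClientSubnets[$client] -Action Block -Profile Any | Out-Null
    }
}

# 4. Verify: every rule in the group with its action, port, and remote scope.
Get-NetFirewallRule -Group 'Segmentation' | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Action        = $_.Action
        Enabled       = $_.Enabled
        LocalPort     = $port.LocalPort
        RemoteAddress = $addr.RemoteAddress
    }
} | Format-Table -AutoSize
```

Grouping the rules with -Group makes them easy to list, disable, or remove as a unit, and the verification step is the check worth keeping: a rule that exists with the wrong -RemoteAddress looks identical in the GUI summary to one that is correct.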


🔹 Part 2: Enforce Least Privilege Access

Method A: Group Membership

  1. In Active Directory Users and Computers, create security groups per role:

    • Client1-Admins, Client1-Users, etc.

  2. Add users to the least privileged group only

  3. Apply file, folder, and share permissions using those groups, never to individual accounts


Method B: Group Policy Restriction

Use GPO to restrict tools and settings:

  1. Open GPO Editor

  2. Navigate to:
    User Configuration > Policies > Administrative Templates > Control Panel

  3. Disable unwanted settings (e.g., Network Settings, Devices)

  4. Use:

    • User Rights Assignment (Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies) to limit who may log on locally or through Remote Desktop Services, and who holds sensitive privileges such as Debug programs or Back up files and directories

    • Administrative Templates (User Configuration > Policies > Administrative Templates > Control Panel > "Prohibit access to Control Panel and PC settings", and > System > "Prevent access to the command prompt") to hide Control Panel and CMD from users who do not need them; these are usability controls rather than a security boundary, since PowerShell and other tools remain available unless restricted separately (e.g., with AppLocker)
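As a worked version of Method A, the script below creates the per-client role groups, nests them into resource groups that carry the permissions (the AGDLP pattern: accounts into global groups, global groups into domain local groups, domain local groups onto the ACL), and replaces the inherited ACL on a client's share folder with explicit least-privilege entries. This is an added example, not code from the original post; the domain contoso.local, the OU path, the share path D:\Shares\Client1, and the "ACL-" naming prefix are assumptions. It needs the RSAT ActiveDirectory module and a domain account permitted to create groups.

```powershell
# Added example (not from the original post): per-client role groups with least-privilege
# NTFS rights following AGDLP. Assumptions (hypothetical): domain contoso.local,
# OU "OU=Clients,DC=contoso,DC=local", share root D:\Shares\Client1.
Import-Module ActiveDirectory

$Client = 'Client1'
$OU     = 'OU=Clients,DC=contoso,DC=local'
$Share  = "D:\Shares\$Client"

# 1. Role (global) groups hold people; resource (domain local) groups hold permissions.
#    Admins get Modify, not Full Control, so they cannot rewrite the ACL itself.
$roles = @{
    "$Client-Admins" = 'Modify'
    "$Client-Users"  = 'ReadAndExecute'
}
foreach ($role in $roles.Keys) {
    if (-not (Get-ADGroup -Filter "Name -eq '$role'")) {
        New-ADGroup -Name $role -GroupScope Global -GroupCategory Security -Path $OU
    }
    $resource = "ACL-$role"
    if (-not (Get-ADGroup -Filter "Name -eq '$resource'")) {
        New-ADGroup -Name $resource -GroupScope DomainLocal -GroupCategory Security -Path $OU
        Add-ADGroupMember -Identity $resource -Members $role
    }
}

# 2. Replace the folder ACL: stop inheritance, drop every explicit entry, add only what is needed.
if (-not (Test-Path $Share)) { New-Item -ItemType Directory -Path $Share | Out-Null }
$acl = Get-Acl $Share
$acl.SetAccessRuleProtection($true, $false)      # protect the DACL and discard inherited ACEs
foreach ($ace in @($acl.Access)) { $null = $acl.RemoveAccessRule($ace) }   # explicit ACEs only

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit,ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$domain  = (Get-ADDomain).NetBIOSName

# SYSTEM and the local Administrators group keep Full Control so the server stays manageable.
foreach ($principal in 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
    $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
        $principal, 'FullControl', $inherit, $prop, 'Allow'))
}
# Resource groups carry the least-privilege rights. The groups must already be resolvable
# by this server (replicated), or the identity translation in Set-Acl fails.
foreach ($role in $roles.Keys) {
    $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
        "$domain\ACL-$role", $roles[$role], $inherit, $prop, 'Allow'))
}
Set-Acl -Path $Share -AclObject $acl

# 3. Verify: who can do what on the folder.
(Get-Acl $Share).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize
```

The verification output should show only the four explicit entries and IsInherited = False on each; any extra line means an ACE survived from the old ACL. Adding a user to Client1-Users is then the only step needed to grant access, and removing them from the group is the only step needed to revoke it.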


🔐 Part 3: Enable Multi-Factor Authentication (MFA)

Option A: Microsoft Entra (Azure AD MFA)

💡 Requires hybrid environment or Microsoft 365 plan.

  1. Sync on-prem AD with Entra ID (Azure AD) using Microsoft Entra Connect (formerly Azure AD Connect)

  2. Assign licenses that include MFA

  3. Enable MFA, preferably through a Conditional Access policy that requires MFA for the relevant users (Microsoft Entra Admin Center > Protection > Conditional Access) rather than legacy per-user MFA, so that the requirement is expressed once and applies to every cloud sign-in

  4. Users will be prompted to register an MFA method at their next sign-in

💡 Entra MFA challenges sign-ins that go through Entra ID (Microsoft 365, Entra-integrated apps, or a Remote Desktop Gateway protected with the NPS extension). It does not by itself prompt on a direct RDP logon to a domain-joined server with on-prem AD credentials; that is the case Option B covers.


Option B: Third-Party MFA for RDP (e.g., Duo Security)

  1. Create an account on Duo.com

  2. Download Duo Authentication for Windows Logon and RDP from the Duo Admin Panel

  3. Install on your Server 2022:

    • During install, enter the integration key, secret key, and API hostname from the Duo application you created; treat the secret key as a credential and do not leave it in scripts or tickets

    • Decide deliberately whether logons should fail open (bypass Duo when the Duo service is unreachable) or fail closed; fail open keeps admins out of a lockout but is also the setting an attacker who can block outbound traffic would prefer

  4. Duo will now prompt for the second factor during RDP logon (and local console logon, if you selected that option)

You can assign different policies per client by user group.

📊 Part 4: Set Up Logging, Monitoring, and Auditing

Method A: Enable Auditing via Group Policy

  1. Open GPO Editor

  2. Navigate to:
    Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration

  3. Enable success and failure auditing for:

    • Logon/Logoff (Logon, Logoff, Account Lockout)

    • Object Access (File Share, and Filtering Platform Packet Drop if you want firewall drops in the Security log; file and folder access events additionally require a SACL on the object, otherwise nothing is recorded)

    • Policy Change (Audit Policy Change, Authentication Policy Change, Filtering Platform Policy Change)

    • Account Management (User Account Management, Security Group Management)

  4. Also enable Security Options > "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings", otherwise the advanced subcategories above may be ignored

  5. Apply the GPO to the domain or to specific client OUs


Method B: View Logs

  1. Open Event Viewer

  2. Navigate to:

    • Windows Logs > Security

    • Applications and Services Logs > Microsoft > Windows > Windows Firewall With Advanced Security > Firewall (rule and profile changes)

    • Applications and Services Logs > Microsoft > Windows > TerminalServices-RemoteConnectionManager > Operational (incoming RDP connection attempts)

Use custom views to filter by event ID (e.g., 4624 successful logon, 4625 failed logon, 4672 special privileges assigned, 4728/4732 member added to a group) or by account name.
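The local equivalent of the audit GPO, followed by a triage query over the Security log, as one script. It enables the same subcategories with auditpol, turns on the subcategory override, and then groups failed logons (4625) and inbound packet drops (5152) by source address for the last 24 hours, which is the view that shows whether the segmentation from Part 1 is being probed. This is an added example, not code from the original post; the chosen subcategory list and the 24-hour window are assumptions, and 5152 will be noisy on a busy server.

```powershell
# Added example (not from the original post): local audit policy plus Security-log triage.
# Event IDs 4625 (failed logon) and 5152 (packet dropped by the Windows Filtering Platform)
# are standard Security-Auditing events. Run elevated.

# 1. Subcategory settings only take effect when the legacy-category override is on
#    (the same setting the GPO exposes under Security Options).
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
    -Name SCENoApplyLegacyAuditPolicy -Value 1 -Type DWord

$subcategories = @(
    'Logon', 'Logoff', 'Account Lockout',                    # Logon/Logoff
    'Credential Validation',                                 # Account Logon
    'User Account Management', 'Security Group Management',  # Account Management
    'Audit Policy Change', 'Authentication Policy Change',
    'Filtering Platform Policy Change',                      # Policy Change
    'File Share', 'Filtering Platform Packet Drop'           # Object Access
)
foreach ($sub in $subcategories) {
    auditpol /set /subcategory:"$sub" /success:enable /failure:enable | Out-Null
}
auditpol /get /category:*     # verify the effective policy

# 2. Helper: flatten an event's EventData into a hashtable keyed by field name.
function Get-EventFields {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml = [xml]$Event.ToXml()
    $h = @{}
    foreach ($d in $xml.Event.EventData.Data) { $h[$d.Name] = $d.'#text' }
    $h
}
$since = (Get-Date).AddDays(-1)

# 3. Failed logons by source IP. LogonType 10 = RemoteInteractive (RDP), 3 = Network (SMB etc.).
Write-Host "`nFailed logons (4625) by source IP since $since"
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625; StartTime=$since} -ErrorAction SilentlyContinue |
    ForEach-Object {
        $f = Get-EventFields $_
        [pscustomobject]@{ Ip = $f.IpAddress; User = $f.TargetUserName; LogonType = $f.LogonType; Status = $f.Status }
    } |
    Group-Object Ip | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{n='Users';      e={ ($_.Group.User      | Select-Object -Unique) -join ',' }},
        @{n='LogonTypes'; e={ ($_.Group.LogonType | Select-Object -Unique) -join ',' }} |
    Format-Table -AutoSize

# 4. Inbound packet drops by source and destination port. In the raw event data the
#    Direction field is the resource string %%14592 for Inbound (%%14593 is Outbound).
Write-Host "`nDropped inbound packets (5152) by source -> destination port"
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=5152; StartTime=$since} -ErrorAction SilentlyContinue |
    ForEach-Object {
        $f = Get-EventFields $_
        [pscustomobject]@{ Src = $f.SourceAddress; DstPort = $f.DestPort; Dir = $f.Direction }
    } |
    Where-Object { $_.Dir -eq '%%14592' } |
    Group-Object Src, DstPort | Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name | Format-Table -AutoSize
```

A client subnet that should never reach 3389 showing up in the 5152 list is exactly the signal the Block rules are meant to produce; a client subnet appearing in the 4625 list instead means the packets got through, and the firewall rule, not the password policy, is the first thing to check.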


Method C: Install Monitoring Tools (Optional)

  • 💼 Wazuh – open-source SIEM (agent-based), collects the Security log and firewall log from each server

  • 🧩 Graylog or Splunk – central log storage and search; pair them with Sysmon, which is not an analysis tool but adds process, network-connection, and file-creation telemetry to the Windows event log

  • 🛠 Windows Admin Center – basic log viewing and notifications

Whatever you choose, forward logs off the server: an attacker with admin rights can clear the local Security log (which itself leaves event 1102), but cannot remove copies already shipped elsewhere.


📌 Summary of Tools Used

Task                  | Method                              | Tool Used
----------------------|-------------------------------------|-----------------------------------------
Firewall Segmentation | GUI, PowerShell, GPO                | wf.msc, New-NetFirewallRule, GPO
Least Privilege       | AD Groups + GPO                     | dsa.msc, gpmc.msc
MFA                   | Entra ID (Azure AD), Duo, or other  | Entra admin center or Duo installer
Auditing              | GPO + Event Viewer                  | eventvwr.msc, gpmc.msc