Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Securing My Infrastructure: Introduction

Securing My Infrastructure: Introduction

  • Comments 6
  • Likes

As you probably know, some time ago, I asked for feedback and themes you are interested in. Some of you replied to me privately, some with comments and I would like to thank you for the constructive feedback. One of the inputs I got several times is that you would like to get more information how to secure and run an infrastructure – the usual ask for "best practices".

Well, there are a lot of best practices out there. Be it from us on the Microsoft website or from third parties. However, they seem not to fit the need directly for you. So, what can I do? Give you some additional best practice? Well, this will not fulfill your need neither – most probably. And what is the reason for that? Well, you are unique! Your situation is unique, your assets are unique and your risk appetite is unique.

I tried to think of what could be valuable for you and am thinking that I could tell you, how I secure my environment at home in my lab. You will wonder what this has in common with the environment you have in your company. This is a valid question. Let me give you some ideas about the infrastructure I am running in the lab:

The following server roles are on place:

  • Domain Controller
  • Firewall
  • Radius Server
  • Mail-Server
  • SharePoint
  • Database-Server
  • File-Server
  • NAS
  • Operations Manager
  • AV-Console
  • Patch Management Server
  • Virtual Server

And, yes – there are a few clients as well J. So, I am running an IT of the size of a small and medium business – not completely with the same requirements but this is the environment I am trying to collect as much experience as possible and implement a lot of "best practices".

So, I will start to give you some insights into how you could use or technology (did I tell you already that everything is on Microsoft technology?) to secure and operate such an infrastructure. I will do it as long as…

  • … you are actually reading it
  • … the number of additional attacks I see in the logs does not grow significantly

If there is any question you would like to me address, drop me a mail or a comment.

Looking forward to your feedback


  • Roger,

    It would be nice to know how the complete infrastructure is being build and which roles are on which servers.  I have build a similar test setup using only microsoft products on 3 physical servers running virtual server (now replaced by hyper-v). The problem i mostly encounter is that not all products are running on the new 2008 platform or on a 64 bit platform.



  • Looking at Jacks comment to my initial post this morning ( Securing My Infrastructure: Introduction )

  • Hi Roger,

    Intrusion Detection/Prevention and ProxyServer is missing i guess?



  • This is a follow-up of my last post about how I secure my environment. If you want to read the start

  • Well, this is a follow-up of my last posts about how I secure my environment. If you want to read the

  • thank you

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment