Information Security
hardening server documents
Updated Thu, 25 Aug 2022 04:25:59 GMT

Forefront Identity Management Server Hardening


Is there a good document for hardening FIM? I've tried CIS and NIST, but I couldn't find anything. If there is no such document, what would I have to look out for in the configuration?




Solution

I haven't seen such a document before. FIM uses security groups for controlling access to the synchronisation engine and sets for the FIM service. My suggestion is to use AD security groups for the synchronisation engine; that way you can utilize AD auditing to monitor the security groups.

By default the FIM service uses a least-privilege approach, and you can monitor request history, which will highlight set membership changes and successful / rejected requests.

Apart from this, FIM is deployed on Windows Server, SharePoint (WSS / Foundation) and SQL Server, so be sure to harden these components as well.
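
One way to act on the AD auditing suggestion in the answer above, as an added example that is not part of the original post: a PowerShell function that reads group membership change events from a domain controller's Security log and keeps those that touch the synchronisation engine groups. The group names and the `Get-FimGroupChange` function name are assumptions to replace with your own, and the events exist only where the "Audit Security Group Management" policy is enabled.

```powershell
# Assumed names of the AD groups mapped to the FIM synchronisation engine roles;
# replace them with the groups chosen during your installation.
$FimGroups = @('FIMSyncAdmins', 'FIMSyncOperators', 'FIMSyncJoiners',
               'FIMSyncBrowse', 'FIMSyncPasswordSet')

# Security event IDs for "member added / member removed":
# global group 4728/4729, domain local group 4732/4733, universal group 4756/4757.
$AddedIds   = 4728, 4732, 4756
$RemovedIds = 4729, 4733, 4757

function Get-FimGroupChange {
    param(
        # Domain controller whose Security log is read (run with rights to read it).
        [string]$ComputerName = $env:COMPUTERNAME,
        [datetime]$Since = (Get-Date).AddDays(-7)
    )

    $filter = @{ LogName = 'Security'; Id = $AddedIds + $RemovedIds; StartTime = $Since }

    # Get-WinEvent raises a non-terminating error when nothing matches the filter;
    # it is suppressed here so that an empty result simply returns no rows.
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $evt = $_

            # The named fields (TargetUserName, MemberName, ...) are in the event XML.
            $data = @{}
            foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }

            # TargetUserName holds the name of the group that was changed.
            if ($FimGroups -contains $data['TargetUserName']) {
                [pscustomobject]@{
                    Time      = $evt.TimeCreated
                    Action    = if ($AddedIds -contains $evt.Id) { 'MemberAdded' } else { 'MemberRemoved' }
                    Group     = $data['TargetUserName']
                    Member    = $data['MemberName']
                    ChangedBy = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                    LoggedOn  = $evt.MachineName
                }
            }
        }
}

Get-FimGroupChange | Sort-Object Time | Format-Table -AutoSize
```

Each change is logged on the domain controller that processed it, so run the function against every domain controller or against the collector that receives their forwarded Security events.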