Unless you’ve been living under a rock, you’ve probably heard about the numerous recent security breaches that have hit users and organizations all over the world. Having all your vital data and information leaked on the Internet is a scary thought, right? Well, Windows Server administrators sure seem to think so, and a global search is underway for strategies that ensure the security of their enterprise. But amid the growing fears, there still isn’t any single course of action that guarantees total protection against breaches or hacks. All is not lost, though. Administrators can still adopt certain measures that minimize risks and add layers of security to their Windows Server enterprises.
If you’re looking for some basic security tips to remember during the installation of Windows Server, then this article is for you. You are free to apply these tips to any server that will be interacting with the Internet.
Does your server lack a firewall? If yes, then you’re in big trouble. Remember, a Windows firewall is the only thing protecting your private data and server resources from a person with online connectivity, and it would be unwise not to enlist this software protection. The more rules you disable, the fewer ports you leave open. This means lowering the degree of exposure to anybody who’s attempting to gain access to your server over the Internet.
Before opening any ports (no, this has nothing to do with the Port of L.A. or San Diego and so on), you need to limit access to the server by using specific rules to whitelist IP addresses. One caveat: A lot of users have an account through their Internet Service Providers (ISPs) with dynamic IP addresses that can change from time to time. If that happens to a trusted account you whitelisted, they won’t be able to get past your firewall until you whitelist their new IP address.
When an IP address is added from your office or home computer, it becomes easier to make changes to the firewall on the go by accessing the server through the Control Panel, and logging in remotely through the console to add a new IP address. When access to the server becomes limited due to the whitelisting of IP addresses, it becomes simpler to ensure that those who require access to the server are allowed past the firewall, while those who don’t get blocked from the open ports.
When sharing files, make sure you understand just how much data is available to others.
Windows updates should never be disabled, and you should check up on the state of your server on a regular basis. Patching your Windows OS is something you need to do, and you should be mindful of Patch Tuesday. This typically takes place on the second Tuesday of every month in North America, and is the day when most security patches by Microsoft are released. Do not worry, they have not been held in captivity or anything, but they are eager to do what they have been designed to do.
It is left to the discretion of the customer how best to develop a patching strategy that will ensure their server remains updated. Downloading the patches is usually not quite enough. Most windows updates require you to reboot the computer before they can take effect.
Your entire server is only as strong as your weakest password. This explains the reason why strong passwords are so important. So, what constitutes a “strong” password? For starters, it must be 8 to 10 characters, and include both lowercase and uppercase letters, special characters (this has nothing to do with Ace Ventura or any other Jim Carrey characters!), and numbers. It could potentially be dangerous if you employ simple passwords, especially in the case of cloud servers that are available over the public Internet.
This is why it’s ideal to set an expiration date for the password of each user. Even though it might seem troublesome and most employees hate doing this, such inconvenience is a small price to pay for increasing the security level of your data.
It is helpful if you keep the server username as the default “Administrator.” However, keep an eye out on who’s accessing the server through this account. If more than one user requires server access, you can create individual accounts with administrator access. It becomes easier to keep track of users via the specific user accounts in log files than deciphering numerous log file entries under the Administrator account.
If you find multiple accounts of failed login attempts, it might be indicative that someone wants to hack into your server. If any users are logging in via Remote Desktop Connection, you need to make sure that they don’t just close their RDC windows, they must and should do more. They should log off as well so that used resources are freed up, leaving the session open on the server. This is like leaving the basketball on the court so the next group can play.
A disaster recovery plan should always remain in place. In the case of Windows Server installation, the best option is to take a snapshot of the server and store the image in Cloud Files so that it can be used to rebuild the whole existing server from that image or create new server instances.
Always check whether such backup tasks are executed successfully or not, and also the validity of the backups. The process of creating a new server instance using a Cloud Image is helpful for checking whether the image is good, and the restoration of a file from Cloud Backups assists in verifying that the data being backed up is in a state where it can be restored.
The process of beefing up security during Windows Server installations is not simple. Users might have specific needs that must be addressed when leveraging Cloud Server products to meet their hosting requirements. However, the above-mentioned recommendations are an ideal place to begin when you’re seriously considering improving the security level while installing Windows Server.
Photo Credit: Flickr/Blogtrepreneur
You may not know it, but System Center Virtual Machine Manager can be used for…
As we adjust to a new remote work culture due to coronavirus, a secure VPN…
Every Exchange admin lives with the constant fear their system will be breached. Having SPF,…
A GE data breach exposed a hacker’s treasure trove of employee records, including Social Security…
Ready to go back to the future? Here’s a look at some Linux text editors…