![]() ![]() This IP should be in a protected segment, behind a firewall. Production servers should have a static IP so clients can reliably find them. Old passwords account for many successful hacks, so be sure to protect against these by requiring regular password changes. Account lockout - how many failed password attempts before the account is suspended.Password history - how long until previous passwords can be reused.Password expiration - how long the password is valid.Complexity and length requirements - how strong the password must be.Either way, a good password policy will at least establish the following: ![]() Stand alone servers can be set in the local policy editor. If your server is a member of AD, the password policy will be set at the domain level in the Default Domain Policy. Use a strong password policy to make sure accounts on the server can’t be compromised. Double check your security groups to make sure everyone is where they are supposed to be (adding domain accounts to the remote desktop users group, for example.)ĭon't forget to protect your passwords. None of the built-in accounts are secure, guest perhaps least of all, so just close that door. Verify that the local guest account is disabled where applicable. Either way, you may want to consider using a non-administrator account to handle your business whenever possible, requesting elevation using Windows sudo equivalent, “Run As” and entering the password for the administrator account when prompted. You can either add an appropriate domain account, if your server is a member of an Active Directory (AD), or create a new local account and put it in the administrators group. With that account out of the way, you need to set up an admin account to use. There are very few scenarios where this account is required and because it’s a popular target for attack, it should be disabled altogether to prevent it from being exploited. Furthermore, disable the local administrator whenever possible. Modern Windows Server editions force you to do this, but make sure the password for the local Administrator account is reset to something secure. Details on hardening Linux servers can be found in our article 10 Essential Steps to Configuring a New Server. Many of these are standard recommendations that apply to servers of any flavor, while some are Windows specific, delving into some of the ways you can tighten up the Microsoft server platform. ![]() Specific best practices differ depending on need, but addressing these ten areas before subjecting a server to the internet will protect against the most common exploits. UpGuard presents this ten step checklist to ensure that your Windows servers have been sufficiently hardened against most cyber attacks. Whether you’re deploying hundreds of Windows servers into the cloud, or handbuilding physical servers for a small business, having a proper method to ensure a secure, reliable environment is crucial to keeping your ecosystem safe from data breaches.Įveryone knows that an out-of-the-box Windows server may not have all the necessary security measures in place to go right into production, although Microsoft has been improving the default configuration in every server version. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |