Microsoft's Server platform can perform many different functions: Active Directory domain controllers, DHCP, DNS, IIS, file and print, and on and on. The versatility of Windows Server has also been counted among its weaknesses, because a large footprint means a large attack surface. However you use a Windows server, the rule of thumb should be to make that footprint as small as it can be while the server still does its job. So let's get started on how to secure Windows Server.
Microsoft publishes regular patch notes in its knowledge base, which can be used as a guide to patching known security flaws; regular updates are the best defense for a Windows server. When you build systems that store and retrieve data, it is important to protect that data from unauthorized use, disclosure, modification or destruction. Ensuring that users have the proper authority to see the data, load new data, or update existing data is an important aspect of application development. Do all users need the same level of access to the data and to the functions your applications provide? Are there subsets of users that need access to privileged functions? Are some documents restricted to certain classes of users? The answers to questions like these form the basis of the security requirements for your application.
There are various security aspects that should be considered when configuring a server:
DO NOT leave the defaults as they are. Change the default password, the log file locations and the default permissions on sensitive data. By doing this, you can sidestep 90% of the well-known Google dorks (search queries that find servers still running on their defaults).
2. Password Policies and User Configurations
This is the very first thing you want to do on a newly deployed server. Change the root password to a more complex one: at least 8 characters long, with a mix of upper- and lower-case letters, numbers and symbols. Define a password policy for users that covers aging, locking, history and complexity. In most cases you should disable the root user entirely and create non-privileged user accounts with sudo access for those who require elevated rights.
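As an added example (not part of the original post), here is how the policy above maps onto a standalone or member Windows server, where the built-in Administrator account plays the role of root: a local password and lockout policy, a named admin account for elevated work, and the built-in account renamed and disabled. The account name and the policy values are assumptions; on a domain you would set the equivalent with Set-ADDefaultDomainPasswordPolicy instead of net accounts.

```powershell
# Added example, not the post's own code. Run from an elevated PowerShell.
# Policy values and the account name 'srvadmin' are assumptions.

# 1. Password policy: 8-character minimum (the post's figure), aging, history, lockout.
net accounts /minpwlen:8 /maxpwage:90 /minpwage:1 /uniquepw:24
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30

# 2. Complexity lives in the local security policy: export, flip the flag, re-import.
$cfg = "$env:TEMP\secpol.cfg"
secedit /export /cfg $cfg | Out-Null
(Get-Content $cfg) -replace 'PasswordComplexity = 0', 'PasswordComplexity = 1' |
    Set-Content $cfg -Encoding Unicode
secedit /configure /db "$env:TEMP\secpol.sdb" /cfg $cfg /areas SECURITYPOLICY | Out-Null
Remove-Item $cfg, "$env:TEMP\secpol.sdb" -ErrorAction SilentlyContinue

# 3. Named administrator for daily elevated work (password prompted, never in the script).
$pw = Read-Host -AsSecureString "Password for srvadmin"
New-LocalUser -Name 'srvadmin' -Password $pw -Description 'Named admin; use instead of built-in Administrator'
Add-LocalGroupMember -Group 'Administrators' -Member 'srvadmin'

# 4. Built-in Administrator (always RID 500, whatever it has been called): rename, then disable.
#    Log in as srvadmin first to confirm it works before running this step.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
Rename-LocalUser -Name $builtin.Name -NewName 'disabled-builtin-admin'
Disable-LocalUser -Name 'disabled-builtin-admin'

# 5. Verify the result.
net accounts
Get-LocalUser | Select-Object Name, Enabled, PasswordLastSet | Format-Table -AutoSize
```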
3. Open and Closed Ports
DO NOT leave unwanted ports open to the outside world. A single nmap sweep of the ports tells an attacker which services the server is running. At the very least, filter those ports.
4. Update Installation for the Operating System
DO NOT install patches or updates the moment they are released. Wait 2 or 3 days for reports and reviews of the patches. If you know what the patches do, go ahead and install them; if you don't, wait for the reports.
E.g. the patches released for the Intel Meltdown vulnerability.
5. Update Installation for Software Components
Unlike operating system updates, software components must be updated as soon as new versions are released.
E.g. a single outdated plugin can put your website in danger.
Configure your server to sync its time with NTP servers. These can be internal NTP servers if your environment has them, or external time servers that are available to anyone. What matters is preventing clock drift, where the server's clock skews away from the actual time. Also filter port 123 so that only the IP addresses that need it can reach it.
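As an added example (not from the original post), this configures the Windows Time service to sync from two explicit NTP peers and then measures the remaining offset. The peer names are assumptions; on a domain-joined member you would normally keep the default domain hierarchy instead of a manual peer list.

```powershell
# Added example, not the post's own code. Peer names are assumptions.
$peers = 'ntp1.internal.example,0x8 ntp2.internal.example,0x8'   # 0x8 = plain client mode

# 1. The time service must be present and start with the OS.
Set-Service -Name w32time -StartupType Automatic
Start-Service -Name w32time

# 2. Sync from the listed peers only, then trigger an immediate resync.
w32tm /config /manualpeerlist:"$peers" /syncfromflags:manual /reliable:no /update
w32tm /resync /nowait

# 3. Measure drift against a peer (the offset column, in seconds) and show sync state.
w32tm /stripchart /computer:ntp1.internal.example /samples:3 /dataonly
w32tm /query /status /verbose
w32tm /query /peers
```

Inbound UDP 123 only needs a firewall exception if this server also serves time to other hosts; replies to its own outbound queries are matched by the firewall's connection state.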
Windows Server has a set of default services that start automatically and run in the background. Many of these are required for the operating system to function, but some are not and should be disabled if not in use. Following the same logic as the firewall, we want to minimize the attack surface of the server by disabling everything other than its primary functionality. Older versions such as Server 2003 and 2008 run more services by default than newer versions, many of them not needed for essential operation. Important services should be set to start automatically so that the server can recover from a failure without human intervention.
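As an added example (not from the original post), the following records which services start automatically, disables the ones a given role does not need, and makes the role-critical ones restart on their own after a failure. Both service lists are assumptions for a file server and must be reviewed against the actual role of your server.

```powershell
# Added example, not the post's own code. Both lists are assumptions for a
# file server: review them against your server's actual role before running.
$notNeeded = @('Spooler', 'RemoteRegistry')            # print spooler, remote registry
$critical  = @('LanmanServer', 'EventLog', 'w32time')   # SMB shares, event log, time
$docDir    = "$env:ProgramData\hardening"
New-Item -ItemType Directory -Path $docDir -Force | Out-Null

# 1. Record what starts automatically today (keep this with the server docs).
Get-Service | Where-Object StartType -eq 'Automatic' |
    Select-Object Name, DisplayName, Status |
    Export-Csv "$docDir\services-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation

# 2. Stop and disable what the role does not need; skip names absent on this box.
foreach ($name in $notNeeded) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { continue }
    if ($svc.Status -eq 'Running') { Stop-Service -Name $name -Force }
    Set-Service -Name $name -StartupType Disabled
    "Disabled $name ($($svc.DisplayName))"
}

# 3. Role-critical services: automatic start and restart on failure
#    (sc.exe syntax needs the space after each '=').
foreach ($name in $critical) {
    Set-Service -Name $name -StartupType Automatic
    sc.exe failure $name reset= 86400 actions= restart/60000/restart/60000/restart/60000 | Out-Null
}

# 4. Confirm: nothing in $notNeeded still running, everything in $critical automatic.
Get-Service -Name ($notNeeded + $critical) -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType | Format-Table -AutoSize
```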
Configure your server to record every event and make sure the monitoring services are running properly. Adjust the maximum size and retention period of the logs. Handling logs server by server is overwhelming; like syslog on a Linux server, a centralized event viewer for Windows will help with troubleshooting.
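As an added example (not from the original post), this sizes the core event logs, turns on the audit subcategories an investigation usually needs first, and sets up the source side of Windows Event Forwarding so events land on one central collector, the Windows counterpart of a syslog server. The collector name and the log sizes are assumptions.

```powershell
# Added example, not the post's own code. Collector name and log sizes are assumptions.
$collector = 'wec01.internal.example'

# 1. Log size and retention: 256 MB of Security events, oldest overwritten as needed.
Limit-EventLog -LogName Security    -MaximumSize 256MB -OverflowAction OverwriteAsNeeded
Limit-EventLog -LogName System      -MaximumSize 64MB  -OverflowAction OverwriteAsNeeded
Limit-EventLog -LogName Application -MaximumSize 64MB  -OverflowAction OverwriteAsNeeded

# 2. Audit policy: the subcategories an investigation usually needs first.
$subcats = 'Logon', 'Logoff', 'Account Lockout', 'User Account Management',
           'Security Group Management', 'Process Creation', 'Audit Policy Change'
foreach ($s in $subcats) { auditpol /set /subcategory:"$s" /success:enable /failure:enable | Out-Null }
# Put the full command line into Process Creation (event 4688) records.
reg add 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit' `
    /v ProcessCreationIncludeCmdLine_Enabled /t REG_DWORD /d 1 /f | Out-Null

# 3. Windows Event Forwarding, source side: the server pushes its events to the
#    collector, so you read one console instead of one Event Viewer per server.
winrm quickconfig -q | Out-Null
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
New-Item -Path $key -Force | Out-Null
Set-ItemProperty -Path $key -Name '1' `
    -Value "Server=http://${collector}:5985/wsman/SubscriptionManager/WEC,Refresh=60"
# The forwarder runs as Network Service; let it read the Security log.
Add-LocalGroupMember -Group 'Event Log Readers' -Member 'NT AUTHORITY\NETWORK SERVICE' -ErrorAction SilentlyContinue
gpupdate /target:computer /force | Out-Null

# 4. Verify sizes, audit settings, and that the forwarding plugin has contacted the collector.
Get-EventLog -List | Where-Object { $_.Log -in 'Security', 'System', 'Application' }
auditpol /get /category:'Logon/Logoff'
Get-WinEvent -LogName 'Microsoft-Windows-Forwarding/Operational' -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```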
Keep the Windows firewall turned on unless you are using an external firewall. Keep a precise description of each rule you create, recording its purpose and details.
10. Administrative Access Control Panels
Always restrict administrative access to control panels from external IPs, and be careful not to reuse the server's local administrator username and password for them.
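As an added example (not from the original post) tying together the ports, firewall and administrative-access sections above: list what the server is currently exposing, turn the firewall on for every profile with a default-deny inbound stance, and add rules whose Description field records why they exist, with administrative access (RDP and remote PowerShell) scoped to management addresses. The address ranges, rule names and the change reference in the descriptions are assumptions or placeholders.

```powershell
# Added example, not the post's own code. Address ranges, rule names and the
# change reference are assumptions/placeholders for an internal file server.
$mgmtNets = @('10.0.10.0/24', '10.0.20.5')   # admin VLAN and a jump host
$ntpPeers = @('10.0.0.10', '10.0.0.11')      # internal NTP servers

# 1. What is exposed right now? One line per listening port with its owning process.
Get-NetTCPConnection -State Listen |
    Select-Object LocalAddress, LocalPort,
        @{n='Process'; e={ (Get-Process -Id $_.OwningProcess).ProcessName }} |
    Sort-Object LocalPort -Unique | Format-Table -AutoSize

# 2. Firewall on for every profile, inbound blocked unless a rule allows it, drops logged.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow `
    -LogBlocked True -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# 3. Admin access only from the management networks; Description documents the rule.
New-NetFirewallRule -DisplayName 'Admin-RDP-from-mgmt' -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -RemoteAddress $mgmtNets -Action Allow -Profile Domain,Private `
    -Description 'CHANGE-REF-PLACEHOLDER: RDP only from admin VLAN / jump host'
New-NetFirewallRule -DisplayName 'Admin-WinRM-from-mgmt' -Direction Inbound -Protocol TCP -LocalPort 5985 `
    -RemoteAddress $mgmtNets -Action Allow -Profile Domain,Private `
    -Description 'CHANGE-REF-PLACEHOLDER: remote PowerShell only from admin VLAN'
# The broad built-in RDP rules would otherwise allow 3389 from anywhere.
Get-NetFirewallRule -DisplayName 'Remote Desktop*' | Disable-NetFirewallRule

# 4. Port 123: with default-deny inbound, only the listed peers may query this host for
#    time (needed only if it serves time; client replies are matched by connection state).
New-NetFirewallRule -DisplayName 'NTP-from-internal-peers' -Direction Inbound -Protocol UDP -LocalPort 123 `
    -RemoteAddress $ntpPeers -Action Allow -Description 'NTP queries accepted from internal peers only'

# 5. Dump the active inbound rule set with descriptions for the documentation.
Get-NetFirewallRule -Enabled True -Direction Inbound |
    Select-Object DisplayName, Action, Profile, Description | Format-Table -Wrap
```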
11. Port Numbers
It is better to change the default port numbers used by applications to different ones, and always keep local documentation of the changed ports in case you forget.
We can easily prevent a complete meltdown of our server by auditing the system regularly. By keeping simple documentation of the basic configuration, misconfigurations can be stopped entirely or caught early enough to prevent them from turning into data breaches or other cyber incidents.
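As an added example (not from the original post), this turns the "simple documentation" idea into a regular audit: it snapshots the settings covered in this post (accounts, admins, services, listening ports, firewall) into a dated baseline file and diffs the live server against the previous baseline, so a drifted setting shows up during the audit rather than after an incident. The baseline folder is an assumption.

```powershell
# Added example, not the post's own code. The baseline folder is an assumption.
$baseDir = "$env:ProgramData\hardening\baselines"
New-Item -ItemType Directory -Path $baseDir -Force | Out-Null

function Get-ServerBaseline {
    # Each area becomes a sorted list of "prop=value;..." strings so it diffs cleanly.
    $areas = [ordered]@{
        Users    = Get-LocalUser | Select-Object Name, Enabled
        Admins   = Get-LocalGroupMember -Group 'Administrators' | Select-Object Name
        Services = Get-Service | Where-Object StartType -ne 'Disabled' | Select-Object Name, StartType
        Ports    = Get-NetTCPConnection -State Listen | Select-Object LocalPort, OwningProcess -Unique
        Firewall = Get-NetFirewallRule -Enabled True | Select-Object Name, Direction, Action
        Profiles = Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
    }
    $out = @{}
    foreach ($k in $areas.Keys) {
        $out[$k] = @($areas[$k] | ForEach-Object {
            ($_.PSObject.Properties | ForEach-Object { "$($_.Name)=$($_.Value)" }) -join ';'
        }) | Sort-Object
    }
    $out
}

$current = Get-ServerBaseline
$last = Get-ChildItem $baseDir -Filter '*.xml' | Sort-Object LastWriteTime | Select-Object -Last 1
if ($last) {
    $previous = Import-Clixml $last.FullName
    foreach ($area in $current.Keys) {
        if (-not $previous[$area]) { continue }        # area not captured last time
        # '<=' lines existed only in the old baseline, '=>' lines are new on the live server
        $diff = Compare-Object @($previous[$area]) @($current[$area])
        if ($diff) {
            Write-Warning "$area changed since $($last.Name):"
            $diff | ForEach-Object { "  $($_.SideIndicator) $($_.InputObject)" }
        }
    }
}
# Save today's snapshot as the next reference point.
$current | Export-Clixml (Join-Path $baseDir ("baseline-{0:yyyyMMdd-HHmm}.xml" -f (Get-Date)))
```

Run it from an elevated session on a schedule; an unexpected `=>` line under Ports or Admins is the kind of misconfiguration the post says should be caught early.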
Thanks for dropping by. Ready for the next blog?