Best Practices for Microsoft Windows Server Security

  1. Bhawani Singh
    The following text has some useful tips for the general security of a Microsoft Windows Server that interacts with the public Internet.

    Rules for local firewall:

    For servers that have no firewall device and interact with the public Internet, Windows Firewall protection is the only thing between the user's private information and anyone who is using the public Internet. In this case you should disable as many firewall rules as you can. Disabling rules means giving only limited access to your server to anyone who is using the public Internet. By disabling the rules you leave only a few ports open, for a specific number of IPs (those in your white-list). Changes to the firewall rules can easily be made via the cloud control panel, by logging into the server remotely and adding the new IP address.

    In Windows Firewall you should open the following ports on a Cloud Server for web hosting:

    Port 80 - HTTP web application or IIS sites

    Port 443 - Web Applications with SSL or HTTPS Secure IIS Sites

    We also recommend that the following ports be locked to protect against brute force attacks or exploitation attempts. Here is the list of ports:

    Port 3389 - Remote Log into the Server or Remote Desktop Connectivity

    Port 21 FTP - Secure Data Transfer between Local Geographic Locations and Cloud Server

    Port 990 FTPS - Secure Data Transfer between Local Geographic Locations and Cloud Server (Incorporating an SSL Certificate)

    Port 5000-5050 FTP - Passive Ports for FTP Communication

    Port 1433 SQL - SQL Communication Default Port

    Port 53 DNS - DNS Requests Default Port

    Check the Data / File Sharing:

    You should keep an eye on what data is available to others through file sharing. You should not enable Windows File Sharing, as this will open Port 445 and Port 139 on the firewall and expose the server to undesirable connection attempts. Apart from file sharing, you should also keep an eye on the permissions given to other users for downloading and installing software packages on your server, as software package installation raises the exposure of the server to attacks.

    Strong Password Policy and Active Directory:

    You should use hard passwords that contain a combination of at least 8-10 characters. The password must have uppercase letters, lowercase letters, numeric values and special characters (@, !, ^, #, &, $, * and %) in it. You should also set expiry dates for your users' passwords, as this makes your data more safe and secure. You should not use Active Directory on your Cloud Server, because Active Directory creates issues in a Cloud Server environment and it is better to use Active Directory in a Dedicated Server environment. If you have a need and you install Active Directory on your Cloud Server, then you should run two Domain Controllers so that if one fails, the other keeps your server secure. You should also lock down DNS so that your server remains secure against DNS amplification attacks.

    Windows Updates, Codes and Server Backup:

    You should always enable Windows Updates and also ensure that your Windows operating system is patched. You should adopt the best patching strategy so that your servers always remain up to date. Another attack your Cloud Server can suffer is through "code". To prevent code attacks, you should ensure that all code is properly checked, authenticated and authorized. Although all these tips make your Cloud Server secure, it is highly recommended that you always have a Disaster Recovery Plan (Server Backup Plan).
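
An added example (not part of the original post): a read-only PowerShell audit of the firewall advice above. It lists enabled inbound allow rules that leave one of the ports listed for locking, or the file-sharing ports 445 and 139, reachable from any remote address. It assumes the built-in NetSecurity cmdlets and an elevated session; the `$locked` and `Expand-PortSpec` names are illustrative.

```powershell
# Added example: audit inbound Windows Firewall rules against the post's port lists.
# Read-only; run in an elevated PowerShell session on the server.

# Ports the post says to lock (white-listed IPs only), plus the file-sharing ports.
$locked = @(3389, 21, 990, 1433, 53, 445, 139) + (5000..5050)

function Expand-PortSpec {
    # Turn LocalPort values such as '3389', '5000-5050' or 'Any' into port numbers.
    param([string[]]$Spec)
    foreach ($s in $Spec) {
        if ($s -match '^(\d+)-(\d+)$') { [int]$Matches[1]..[int]$Matches[2] }
        elseif ($s -match '^\d+$')     { [int]$s }
        elseif ($s -eq 'Any')          { $locked }   # 'Any' covers every locked port
        # Named values (for example 'RPC') are skipped; review those rules by hand.
    }
}

$findings = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter

    # Only TCP/UDP rules (or rules for any protocol) can expose the listed ports.
    if ($port.Protocol -notin 'TCP', 'UDP', 'Any') { continue }

    $hit = Expand-PortSpec $port.LocalPort | Where-Object { $_ -in $locked }

    # A locked port reachable from any remote address is what the post warns about.
    if ($hit -and ($addr.RemoteAddress -contains 'Any')) {
        [pscustomobject]@{
            Rule        = $rule.DisplayName
            Profile     = $rule.Profile
            Protocol    = $port.Protocol
            LocalPort   = $port.LocalPort -join ','
            LockedPorts = ($hit | Select-Object -First 5) -join ','
        }
    }
}

# Rules on ports 80 and 443 are expected to be open and are not reported.
$findings | Sort-Object Rule | Format-Table -AutoSize
```

A flagged rule that is still needed can be limited to the white-list with `Set-NetFirewallRule -RemoteAddress`, passing your own addresses; a rule that is not needed can be disabled with `Disable-NetFirewallRule`.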