How To Secure Windows Server From Attackers

Security is the first priority for any server. Server hardening protects your server from attackers: take the following steps to reduce the risk of vulnerabilities.

  • Windows Firewall should be enabled, with only the required ports open.


  • Set the recommended protocols with the IIS Crypto 2.0 application.
  • Disable weak ciphers and the SSLv2, SSLv3 and TLSv1.0 protocols, as these are outdated and no longer supported.


  • Enable Network Level Authentication for secure RDP connections.


  • Enable “Set client connection encryption level” and set the encryption level to High Level to encrypt remote connections.


  • Enable “Microsoft Network Server: Digitally sign communications (always)” to secure communication with SMB packet signing.


  • Enable “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing”


  • Licensed antivirus software should be installed.
  • Enable Audit Policy:

    Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Account Logon\

    • Credential Validation — Success and Failure

    Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Account Management\

    • Computer Account Management — Success and Failure
    • Other Account Management Events — Success and Failure
    • Security Group Management — Success and Failure
    • User Account Management — Success and Failure

    Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Logon/Logoff\

    • Logoff — Success
    • Logon — Success and Failure
    • Other Logon/Logoff Events — Success and Failure
    • Special Logon — Success

    Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Policy Change\

    • Audit Policy Change — Success and Failure
    • Authentication Policy Change — Success

    Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Privilege Use\

    • Sensitive Privilege Use — Success and Failure

    Retain events for at least 15 days

    • Application: Maximum log size — 163840 KB
    • Security: Maximum log size — 983040 KB
    • Setup: Maximum log size — 163840 KB
    • System: Maximum log size — 163840 KB
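
The audit subcategories and log sizes listed above can be checked, and optionally applied, from an elevated PowerShell prompt. This script is an added example, not part of the original article; the -Apply switch and variable names are its own, and it assumes the English auditpol subcategory names.

```powershell
# Added example (not from the original article). Run from an elevated prompt.
# Assumes English auditpol subcategory names; -Apply is this script's own switch.
param([switch]$Apply)

# Advanced audit policy baseline, exactly as listed in the article
$baseline = [ordered]@{
    'Credential Validation'           = 'Success and Failure'
    'Computer Account Management'     = 'Success and Failure'
    'Other Account Management Events' = 'Success and Failure'
    'Security Group Management'       = 'Success and Failure'
    'User Account Management'         = 'Success and Failure'
    'Logoff'                          = 'Success'
    'Logon'                           = 'Success and Failure'
    'Other Logon/Logoff Events'       = 'Success and Failure'
    'Special Logon'                   = 'Success'
    'Audit Policy Change'             = 'Success and Failure'
    'Authentication Policy Change'    = 'Success'
    'Sensitive Privilege Use'         = 'Success and Failure'
}
# Maximum event log sizes from the article, in KB
$logSizeKB = [ordered]@{ Application = 163840; Security = 983040; Setup = 163840; System = 163840 }

if ($Apply) {
    foreach ($name in $baseline.Keys) {
        $s = if ($baseline[$name] -match 'Success') { 'enable' } else { 'disable' }
        $f = if ($baseline[$name] -match 'Failure') { 'enable' } else { 'disable' }
        auditpol /set /subcategory:"$name" /success:$s /failure:$f | Out-Null
    }
    foreach ($log in $logSizeKB.Keys) {
        $bytes = $logSizeKB[$log] * 1024          # wevtutil expects bytes
        wevtutil sl $log "/ms:$bytes"
    }
}

# Read back the effective state; report audit settings that differ from the
# baseline and logs whose maximum size is smaller than the baseline
$current = auditpol /get /category:* /r | Where-Object { $_ } | ConvertFrom-Csv
$drift = @(foreach ($name in $baseline.Keys) {
    $actual = ($current | Where-Object Subcategory -eq $name).'Inclusion Setting'
    if ($actual -ne $baseline[$name]) {
        [pscustomobject]@{ Item = $name; Expected = $baseline[$name]; Actual = $actual }
    }
})
$drift += @(foreach ($log in $logSizeKB.Keys) {
    $actualKB = (Get-WinEvent -ListLog $log).MaximumSizeInBytes / 1KB
    if ($actualKB -lt $logSizeKB[$log]) {
        [pscustomobject]@{ Item = "$log log size"; Expected = "$($logSizeKB[$log]) KB"; Actual = "$actualKB KB" }
    }
})
if ($drift) { $drift | Format-Table -AutoSize } else { 'Audit baseline matches.' }
```

On domain-joined servers, audit settings delivered by Group Policy overwrite local auditpol changes at the next policy refresh, so run it there without -Apply to report drift only.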

Note: If you run into issues with your hosted application after server hardening, enable TLSv1.0 and disable the FIPS policy. However, leaving TLSv1.0 enabled is a vulnerability, so you need to discuss this with your developer. All applications should work with TLS 1.1 or above.
