How to Make Your Windows Server More Secure
Security is one of the biggest concerns for people using a virtual server. Here we present some useful tips for improving security on Windows virtual servers.
Disable the default administrator account and create a new user with administrator permissions
Your Windows VPS hosting provider installs the OS and creates a default administrator account. This is standard practice. The drawback is that this account can easily be attacked, usually by bots trying to log in by brute force. This is simple to prevent: disable the default administrator account, then create a new user with full administrative privileges. Choose a complex username to secure your Windows VPS; that is, create the new administrator account with a name made of random letters.
Use Strong Passwords
Many users pick easy-to-remember passwords for their sites, and through this negligence they pose a real threat to their site. Use a combination of multiple numbers, upper- and lower-case letters, and special characters.
Here is an example: M@j7Wo0S3
Lock down your Remote Desktop ports
Lock down access to Windows Remote Desktop to specific IP addresses, such as your home or office (note that you will need a dedicated IP to use this feature), and change the default listening port from 3389 to a randomly picked five-digit number. These settings can be changed through the Advanced Windows Firewall options.
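The two steps above as a PowerShell script, added here as an example and not part of the original article. The port 50389, the two source addresses (documentation ranges) and the rule name are constructed placeholders, and the 'Remote Desktop' firewall group name assumes an English-language Windows install.

```powershell
#Requires -RunAsAdministrator
# Added example: restrict RDP to known addresses and move it off port 3389.
# The default port and addresses below are constructed placeholders.
param(
    [ValidateRange(10000, 65535)][int]$NewPort = 50389,
    [string[]]$AllowedIPs = @('203.0.113.10', '198.51.100.25')
)
$ErrorActionPreference = 'Stop'
$rdpKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$ruleName = 'RDP custom port (restricted)'

# Refuse a port that another service is already listening on.
if (Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue) {
    throw "Port $NewPort is already in use; pick another one."
}

# 1. Open the new port first, and only for the trusted source addresses,
#    so a working path exists before the old one is closed.
New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort $NewPort -RemoteAddress $AllowedIPs -Profile Any | Out-Null

# 2. The RDP listener reads its port from this registry value (default 3389).
$oldPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
Set-ItemProperty -Path $rdpKey -Name PortNumber -Value $NewPort -Type DWord

# 3. Turn off the built-in rules, which accept port 3389 from any address.
#    The group name is localized; 'Remote Desktop' assumes English Windows.
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# 4. Restart the service so the listener rebinds. This drops the current
#    RDP session; reconnect to <server>:<NewPort> from an allowed address.
Restart-Service -Name TermService -Force

# 5. Report the resulting state for the change record.
[pscustomobject]@{
    OldPort        = $oldPort
    NewPort        = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
    AllowedSources = (Get-NetFirewallRule -DisplayName $ruleName |
                      Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    Listening      = [bool](Get-NetTCPConnection -State Listen -LocalPort $NewPort `
                            -ErrorAction SilentlyContinue)
}
```

Run it from the provider's console or another out-of-band session if one is available, so a mistyped address in `$AllowedIPs` does not cut off your only way in.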
Use Windows BitLocker Drive Encryption
Windows BitLocker Drive Encryption secures the operating system booting process and prevents unauthorized data mining. BitLocker Drive Encryption works even when the server is not powered on! It’s a very effective anti-hacking tool against malware.
Install antivirus in your Windows server
The importance of an antivirus for securing your server is clear. You can start with the Essentials, a free and robust option from Microsoft. It updates itself automatically with the latest definitions and offers real-time protection for your server. An antivirus protects you from almost all online security threats that the firewall lets through; however, combining both is the best way to secure a Windows server.
Intrusion Detection System (IDS)
An intrusion detection system, or IDS, is like a burglar alarm on your Windows server. It keeps a record of when and which files were changed and alerts you to any new alterations. This is critical because hackers usually try to replace binary applications. Use an IDS to protect your server from such threats.
Use of Microsoft Baseline Security Analyzer (MBSA)
MBSA is a free application to determine missing security updates and vulnerable security settings within Windows. It not only provides detailed insights on vulnerable components and settings, but also lists possible measures to secure the server.
Enable a Bastion Host
A bastion host is a special-purpose computer on a network, specifically designed and configured to withstand attacks. The idea of a bastion host is to prevent direct access to your server from the public network and minimize the chances of penetration. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer. It usually involves access from untrusted networks or computers.
Keep Windows Updated
Finally, always keep Windows updated. This is one of the simplest ways to help keep your server secure. You can either configure Windows Update to notify you when a new update is available or allow it to download and apply updates automatically.