What is a security checklist?
9 minute(s) read
Published on: Jan 31, 2022
Updated on: Mar 24, 2022
To increase the security of Windows Server, vulnerabilities in the environment and in applications must be identified and then fixed. For this purpose a list, the so-called security checklist, is prepared, and network administrators work through its items one by one. Windows Server security checklist items are settings or configurations that must be applied to the operating system. The items are not the same for every organization; they vary with the tasks, policies, and priorities of each organization. By preparing a detailed checklist and then implementing its items correctly, the security of Windows Server, and consequently the security of the network and the organization, can be improved. Of course, hardening Windows Server alone is not enough: network administrators must have a comprehensive plan for securing clients and the network infrastructure as well.
Why is a Windows Server checklist important?
Microsoft says that the level of security of an organization affects all members and affiliates of that organization, so it is dangerous for an organization to lack security. Sometimes a security attack disrupts the normal operation of a website. The sooner you notice an attack, the better you can respond to it and the more you can reduce its effects. Hackers and cyber attackers usually start their work with reconnaissance: they first find vulnerabilities in your network or working environment and then launch their attack. Once an attacker has penetrated the environment, they look for the shortest path to their target, a process called lateral movement. For example, an attacker may try to raise their access level in order to take control of the organization within a short period (usually 24 to 48 hours after the first intrusion). Your goal in preparing and executing the Windows security checklist is to identify and respond to such attacks as soon as possible. The later the attacker is identified, the more damage they can do and the harder it is to remove them from the network.
By applying the items of the Windows Server security checklist, you try to increase the time it takes an attacker to take control of the network from a few hours to a few weeks or even months. The longer this takes, the more likely it is that the attacker will be detected. To achieve this, you must stop attackers when they try to get into your systems by raising the security of those systems. You can then detect an attack by configuring your systems to raise various warning signs, and respond to it by removing the compromised identities and systems.
An example of a Windows Server checklist
- Keep an inventory record for each server. This record documents the baseline configuration and any changes made to the server.
- Thoroughly test and evaluate any server hardware or software changes before applying them.
- Assess risks regularly. Use the results of this assessment to update your risk management plan. Keep a prioritized list of all servers to ensure that security vulnerabilities are fixed on schedule.
- Keep all servers at the same revision level.
Windows Server preparation
- Protect newly installed computers from network traffic until the operating system is installed and updated. Harden all new DMZ servers that are not connected to the Internet.
- Set a BIOS/firmware password to prevent unauthorized changes to the server's startup settings.
- Disable automatic administrative logon to the Recovery Console.
- Configure the device boot order so that the server does not automatically boot from unauthorized or other media.
Tips on installing Windows Server
- Be careful not to shut down the system during the installation process.
- Use the Security Configuration Wizard to configure the system according to its specific role.
- Ensure that all relevant patches, hotfixes, and service packs are applied properly. Security patches fix known vulnerabilities that attackers may exploit to break into the system. Immediately after installing Windows Server, update it with the latest patches using WSUS or SCCM.
- Enable automatic notification of new patch releases. Whenever a patch is released, it should be immediately analyzed, tested, and installed using WSUS or SCCM.
Strengthen account protection in Windows Server
- Make sure your administrative and system passwords are strong and meet your standard. Be especially careful not to use meaningful or dictionary words in the passwords of privileged accounts (accounts with a high level of access). Each password must be at least 15 characters long and contain a combination of letters, numbers, special symbols, and invisible characters (such as CTRL). Change all passwords every 90 days.
- Configure account lockout in Group Policy according to the recommended best practices.
- Do not allow users to create a Microsoft account and log in to computers with it.
- Deactivate the guest account.
- Do not let Everyone permissions apply to anonymous users.
- Do not allow anonymous enumeration of SAM accounts and shares.
- Disable anonymous SID/Name translation.
- Deactivate or delete unused accounts immediately.
Network configuration
- Enable the Windows Firewall in all profiles (domain, private, public) and configure it to block incoming traffic by default.
- Enable port blocking at the network settings level. Determine which ports need to be open and restrict access to all other ports.
- Configure your settings so that only authenticated users can access the computer from the network.
- Do not authorize any user to act as part of the operating system.
- Do not allow guest accounts to log on as a service, log on as a batch job, log on locally, or log on via RDP.
- If RDP is used, increase the encryption level of the RDP connection.
- Clear the "Enable LMHOSTS lookup" option.
- Configure both Microsoft Network Client and Microsoft Network Server to always digitally sign their communications.
- Disable the sending of unencrypted passwords to third-party SMB servers.
- Remove the ability to share files and printers over the network. File and printer sharing allows anyone to connect to a server and access critical data without a username or password.
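As an added example (not code from the original article), the following PowerShell script reads the local settings behind several of the account-protection and network-configuration items above and reports whether each is compliant. It assumes an elevated session on the server itself; the registry paths and expected values are the ones these policy settings are known to write, and the check names are my own.

```powershell
# Added audit example: checks several Windows Server checklist items and reports Pass/FAIL.
# Run in an elevated PowerShell on the server. A domain GPO may override these values,
# so re-run after 'gpupdate /force'. A missing value counts as FAIL so that each setting
# is configured explicitly rather than left at a default.
$lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$wks   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
$netbt = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
$rdp   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Returns the registry value, or $null when the key or value does not exist.
function Get-RegValue([string]$Path, [string]$Name) {
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

# Each entry: the checklist item and a test that returns $true when the server is compliant.
$checks = @(
    @{ Item = 'Guest account disabled'
       Test = { $g = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
                ($null -eq $g) -or (-not $g.Enabled) } }
    @{ Item = 'Firewall enabled in all profiles, inbound blocked by default'
       Test = { -not (Get-NetFirewallProfile |
                      Where-Object { -not $_.Enabled -or $_.DefaultInboundAction -ne 'Block' }) } }
    @{ Item = 'Anonymous enumeration of SAM accounts and shares disabled'
       Test = { (Get-RegValue $lsa 'RestrictAnonymous') -eq 1 -and
                (Get-RegValue $lsa 'RestrictAnonymousSAM') -eq 1 } }
    @{ Item = 'Everyone permissions do not apply to anonymous users'
       Test = { (Get-RegValue $lsa 'EveryoneIncludesAnonymous') -eq 0 } }
    @{ Item = 'SMB client and server always sign communications'
       Test = { (Get-SmbClientConfiguration).RequireSecuritySignature -and
                (Get-SmbServerConfiguration).RequireSecuritySignature } }
    @{ Item = 'Unencrypted passwords to third-party SMB servers disabled'
       Test = { (Get-RegValue $wks 'EnablePlainTextPassword') -eq 0 } }
    @{ Item = 'LMHOSTS lookup disabled'
       Test = { (Get-RegValue $netbt 'EnableLMHOSTS') -eq 0 } }
    @{ Item = 'RDP minimum encryption level High (3) or FIPS (4)'
       Test = { (Get-RegValue $rdp 'MinEncryptionLevel') -ge 3 } }
)

$results = foreach ($c in $checks) {
    $ok = $false
    try { $ok = [bool](& $c.Test) } catch { $ok = $false }   # a failing cmdlet is a FAIL, not a crash
    $state = if ($ok) { 'Pass' } else { 'FAIL' }
    [pscustomobject]@{ Item = $c.Item; Result = $state }
}
$results | Format-Table -AutoSize
```

The anonymous SID/Name translation setting is stored as a Local Security Policy entry rather than a plain registry value, so it is not covered by this script; verify it in secpol.msc or with secedit.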
Ensure the safety of sensitive data
Restrict access to sensitive data and to the place where it is stored. Consider separate storage for this crucial data and ensure it is not stored on laptops.
Review and edit internal policies
Check the servers
Check that your server settings are configured correctly. Check DNS and WINS servers, binding orders, static address allocation, and backup network services. In addition, make sure all network software is up to date.
Check reports
Prevent errors by creating mandatory and comprehensive training processes so that employees and customers can operate safely. Also, use software automation to keep track of reports on updates, patches, firewalls, and new devices. The best approach is to remove inactive devices from the system.
Perform regular network audits
Audits should be conducted once or twice a year to reduce the risk of cyber threats. Make them a normal part of your system maintenance routine. It is up to you and your security team to understand and carry out these processes. If this checklist sounds daunting, Pioneer Computer is here to help: Pioneer Computer can provide a security platform covering all the people, processes, and tools needed to reduce cyber threats.
Secure Internet access
Data encryption, malware scanning, bandwidth limits, and port blocking are all potential measures to ensure that employees have secure access to, and interaction with, wireless networks.
Penetration testing
Perform static testing to check for high-level vulnerabilities in your applications, and dynamic testing for more specific findings about the system. Find all possible access points and remove the unauthorized ones from your system.
Access control
Not every user should have access to your network. To keep potential attackers out, you need to recognize each user and device. You can then enforce your network security policies to prevent unauthorized access, blocking non-compliant endpoint devices or giving them only limited access. This is a network access control (NAC) process.
Prevent data loss
Organizations need to ensure that their employees do not send sensitive information outside the network. Data loss prevention (DLP) technologies can prevent people from uploading, transmitting, or even printing important information in an unsafe way.
Firewalls create a barrier between your trusted internal network and untrusted external networks such as the Internet. They use a set of defined rules to allow or block traffic. A firewall can be hardware, software, or both. Cisco offers unified threat management (UTM) devices and threat-focused next-generation firewalls (NGFW).