Security is a compromise between usability and peace of mind. Some customers may prefer usability and only use lightweight security for small game servers, which allow quick access from any location. For higher peace of mind and security, others may lock the server completely, reject any access to the server and allow Remote Desktop connections via Serial Console only when needed.
Security measures may vary depending on server usage. Server security can only be managed by the machine administrator and should be one of the first priorities when configuring the server. It’s easier and more convenient to lock the server almost completely before setup, and change security settings when more services are installed and configured. This way, you can keep the server secure from the start and allow the security exception for certain services, applications or ports that require network transmission.
Below are some common and suggested security measures to employ which will increase the security of the server significantly while offering almost the same usability of the server.
Change Administrator Password
It is highly suggested that you Change the Windows Administrator Password of the machine upon first logging into the server via Remote Desktop.
Set Password & Account Lockout Policies
The Password policy can be set to define password rules for Windows users, while Account Lockup Policy defines rules to lock accounts after multiple passwords fail to be entered. This is a good idea to make sure all users choose a strong password and / or choose a new password after the specified time period as well as to prevent violation logging attempts via Remote Desktop.
Rename Administrator User
Administrator user is the default user for all Windows Server operating systems and almost all violent password attacks will try to gain access as this user. Although you may be able to set Account Lock Policy for all other users, Administrator users are excluded from this setting and can not be locked.
Make Use of Firewall
All dedicated servers come with configurable external firewalls. Control Panel other than the Windows software firewall and IPSec service, both can be configured via the operating system.
Keep Server Up-to-Date
Keeping both the operating system and software up to date with the latest versions/hotfixes/patches/updates ensures that any known vulnerabilities are not exploited on your server.
Preventing malicious actions to, on, or via your server are the main priority however don’t forget to plan for recovery of the server if something were to happen (no matter how secure the server may be). Even if the server were not compromised, data loss can still occur via user error or hardware failure.
Feel free to contact E-SPIN for the solution for your system and operation to reduce risk of your businesses and organization. We can secure and protect your businesses with our various software security technology, as well as handling of your server security concern.