
How to secure your server

01 Oct 10


1. Enable automatic notification of patch availability and install the latest service patches and hot fixes from Microsoft.

This requires checking with your POS vendor that it is an acceptable practice.


2. Scan for vulnerabilities no less than monthly.

This can be achieved by installing a scanning application such as Nexpose from Rapid7, or by outsourcing to a specialist scanning vendor such as Qualys.


3. Services, applications and user accounts that are not being used should be disabled or uninstalled.

Numerous tools exist to analyse and tweak running applications and services.


4. Use the Internet Connection Firewall or other methods (software or hardware) to limit connections to the server.


5. Configure event log settings (common methods for Server 2003 & 2008 are available on the web).

Attention should be given to the security log. 100 MB is a suggested minimum, but high-volume services may require additional storage. Ensure at least 14 days of security logs are available so that the course of events can be determined in the case of an incident.


6. Configure user rights to be as secure as possible.

An attempt should be made to remove Guest, Everyone and ANONYMOUS LOGON from the user rights lists.


7. Use full disk encryption to ensure that information resident on stolen or retired servers remains confidential.

Tools such as PGP and TrueCrypt are popular options.


8. If the machine is not physically secured against unauthorised tampering, set a BIOS/firmware password to prevent alterations to system start-up settings.


9. Configure a screen-saver that locks the screen automatically if the server is left unattended.


10. Disable Remote Desktop (RDP) connections if you do not intend to maintain your server by this method.
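
A read-only PowerShell audit that checks a server against items 4, 5, 6 and 10 of the list above, added here as an example rather than taken from the article. It assumes Windows Server 2008 or later with PowerShell 2.0+, English-language netsh output, and an elevated prompt; the check names and the temporary file name are the author's own.

```powershell
# Added example (not from the original article): read-only audit of checklist
# items 4, 5, 6 and 10. Assumes Server 2008+, PowerShell 2.0+, English netsh output.

function Add-Check($Name, $Value, $Pass) {
    New-Object PSObject -Property @{ Check = $Name; Value = $Value; Pass = $Pass }
}
$report = @()

# Item 4: the host firewall should be ON for every profile.
$fwLines = netsh advfirewall show allprofiles state | Select-String '^State' |
           ForEach-Object { $_.Line.Trim() }
$report += Add-Check 'Firewall on for all profiles' ($fwLines -join '; ') `
           (($fwLines | Where-Object { $_ -notmatch '\bON$' }).Count -eq 0)

# Item 5: Security log sized to at least 100 MB and holding 14+ days of events.
$secLog = Get-WmiObject Win32_NTEventLogFile -Filter "LogFileName='Security'"
$report += Add-Check 'Security log max size >= 100 MB' `
           ("{0:N0} MB" -f ($secLog.MaxFileSize / 1MB)) ($secLog.MaxFileSize -ge 100MB)
$oldest   = Get-WinEvent -LogName Security -Oldest -MaxEvents 1
$daysHeld = [math]::Floor(((Get-Date) - $oldest.TimeCreated).TotalDays)
# A log that has never wrapped reports fewer days than it can hold; re-check once full.
$report += Add-Check 'Security log holds >= 14 days' "$daysHeld days" ($daysHeld -ge 14)

# Item 6: Everyone (S-1-1-0) and ANONYMOUS LOGON (S-1-5-7) should hold no user rights.
# secedit exports rights as "SeXxxRight = *SID,*SID"; the .inf is UTF-16, which
# Get-Content reads via its byte-order mark.
$inf = Join-Path $env:TEMP 'secpol-audit.inf'   # hypothetical temp file name
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
$rights = Get-Content $inf | Where-Object { $_ -match '^Se\w+ *=' }
Remove-Item $inf -ErrorAction SilentlyContinue
$bad = $rights | Where-Object { $_ -match '\*S-1-1-0\b|\*S-1-5-7\b' } |
       ForEach-Object { ($_ -split '=')[0].Trim() }
$report += Add-Check 'No rights for Everyone/ANONYMOUS LOGON' `
           ($(if ($bad) { $bad -join ', ' } else { 'none' })) (-not $bad)

# Item 10: RDP disabled unless it is the intended management method.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$report += Add-Check 'RDP disabled (fDenyTSConnections = 1)' $ts.fDenyTSConnections `
           ($ts.fDenyTSConnections -eq 1)

$report | Format-Table Check, Pass, Value -AutoSize
```

A failed "holds >= 14 days" check on a freshly configured server only means the log has not yet accumulated that much history; the size check is the one that tells you whether it can.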

* For more advice about office computer security, see the November issue of Start-Up.