How to secure your server

01 Oct 10

1. Enable automatic notification of patch availability and install the latest service patches and hot fixes from Microsoft.

Check with your POS vendor whether this is an acceptable practice.

2. Scan for vulnerabilities at least monthly.

This can be achieved by installing a scanning application such as Nexpose from Rapid7 (http://rapid7.com) or by outsourcing to a specialist scanning vendor such as Qualys (http://www.qualys.com).

3. Disable or uninstall services, applications and user accounts that are not being utilised.

Numerous tools exist to analyse and tweak running applications and services.

4. Use the Internet Connection Firewall or other methods (via software or hardware) to limit connections to the server.

5. Configure event log settings (common methods for Server 2003 & 2008 are available on the web).

Special attention should be given to the security log. 100 MB is a suggested minimum, but high-volume services may require additional storage. Ensure at least 14 days of security logs are available so that the course of events can be determined in the case of an incident.

6. Configure user rights to be as secure as possible.

Every attempt should be made to remove Guest, Everyone, and ANONYMOUS LOGON from the user rights lists.

7. Use full disk encryption to ensure that information resident on stolen/retired servers remains confidential.

PGP (http://www.pgp.com) and TrueCrypt (http://www.truecrypt.org) are popular options.

8. If the machine is not physically secured against unauthorised tampering, set a BIOS/firmware password to prevent alterations in system start-up settings.

9. Configure a screen-saver to lock the screen automatically if the server is left unattended.

10. Disable Remote Desktop connection (RDP) capabilities if you do not intend to maintain your server with this method.
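
For step 6, one way to see where Guest, Everyone and ANONYMOUS LOGON still hold user rights is to parse the file written by `secedit /export /areas USER_RIGHTS /cfg rights.inf`. The PowerShell script below is an added example, not part of the original article; the sample export is constructed, and the `-Path` parameter and the file name `rights.inf` are assumptions.

```powershell
# Added example: flag broad principals in a secedit user-rights export.
param([string]$Path)   # assumed parameter: path to a real export file

# Constructed sample export, used when -Path is not supplied.
$sample = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545
SeInteractiveLogonRight = Guest,*S-1-5-32-544
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-19,*S-1-5-20
SeDenyNetworkLogonRight = Guest
SeDenyRemoteInteractiveLogonRight = *S-1-5-7,Guest
[Version]
signature="$CHICAGO$"
Revision=1
'@

$lines = if ($Path) { Get-Content -Path $Path } else { $sample -split "`r?`n" }

# Well-known SIDs are exported with a leading '*'; local accounts often by name.
$broad = @{
    '*S-1-1-0' = 'Everyone'
    '*S-1-5-7' = 'ANONYMOUS LOGON'
    'Guest'    = 'Guest'
}

$inRights = $false
$findings = foreach ($line in $lines) {
    if ($line -match '^\[(.+)\]\s*$') {
        $inRights = ($Matches[1] -eq 'Privilege Rights')
    }
    elseif ($inRights -and $line -match '^(\w+)\s*=\s*(.*)$') {
        $right   = $Matches[1]
        $members = $Matches[2] -split ',' | ForEach-Object { $_.Trim() }
        # Deny rights restrict access, so Guest listed there is not a finding.
        if ($right -like 'SeDeny*') { continue }
        foreach ($m in $members) {
            $name = $broad[$m]
            # The built-in Guest account has RID 501 and may be listed by SID instead.
            if (-not $name -and $m -match '^\*S-1-5-21-[\d-]+-501$') { $name = 'Guest' }
            if ($name) { [pscustomobject]@{ Right = $right; Principal = $name; Entry = $m } }
        }
    }
}
$findings | Sort-Object Right | Format-Table -AutoSize
```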

* For more advice about office computer security, see the November issue of Start-Up, on sale now.