How to secure your server

01 Oct 2010

1. Enable automatic notification of patch availability and install latest service patches and hot fixes from Microsoft.

This would require checking with your POS vendor if this would be an acceptable practice.

2. Scan for vulnerabilities no less than on a monthly basis.

This can be achieved through installing scanning applications like Nexpose from Rapid7 (http://rapid7.com) or through outsourcing to a specialist scanning vendor like Qualys (http://www.qualys.com).

3. Services, applications and user accounts that are not being utilised should be disabled or uninstalled.

Numerous tools to analyse and tweak running applications and services exist.

4. Use the Internet Connection Firewall or other methods (via software or hardware) to limit connections to the server.

5. Configure event log settings (common methods for Server 2003 & 2008 are available on the web).

Special attention should be given to the security log. 100 MB is a suggested minimum, but high-volume services may require additional storage. Ensure at least 14 days of security logs are available to be able to determine the course of events in the case of an incident.

6. Configure user rights to be as secure as possible.

Every attempt should be made to remove Guest, Everyone, and ANONYMOUS LOGON from the user rights lists.

7. Use full disk encryption to ensure that information resident on stolen/retired servers remains confidential.

PGP (http://www.pgp.com) and TrueCrypt (http://www.truecrypt.org) are popular options.

8. If the machine is not physically secured against unauthorised tampering, set a BIOS/firmware password to prevent alterations in system start-up settings.

9. Configure a screen-saver to lock the screen automatically if the server is left unattended.

10. Disable Remote Desktop connection (RDP) capabilities if you do not intend to maintain your server with this method.
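
Step 6 can be checked against a file produced by `secedit /export /cfg rights.inf /areas USER_RIGHTS`. The Python below is an added example, not part of the original article: the sample export is constructed, the function names are hypothetical, and skipping the `SeDeny*` rights (where listing Guest is protective) is an assumption of this example.

```python
RISKY_SIDS = {"S-1-1-0": "Everyone", "S-1-5-7": "ANONYMOUS LOGON"}
RISKY_NAMES = {"guest": "Guest", "everyone": "Everyone",
               "anonymous logon": "ANONYMOUS LOGON"}
# Constructed sample export, not taken from a real host.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545
SeInteractiveLogonRight = Guest,*S-1-5-32-544
SeDenyNetworkLogonRight = Guest
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-7,*S-1-5-19
SeBackupPrivilege = *S-1-5-32-544
[Version]
Revision=1
"""

def classify(principal):
    """Return the principal's name if step 6 warns about it, else None."""
    p = principal.strip()
    if p.startswith("*"):  # secedit writes SIDs with a leading '*'
        sid = p[1:].upper()
        if sid.startswith("S-1-5-21-") and sid.endswith("-501"):
            return "Guest"  # built-in Guest account: RID 501
        return RISKY_SIDS.get(sid)
    # Plain names may carry a DOMAIN\ or MACHINE\ prefix.
    return RISKY_NAMES.get(p.split("\\")[-1].lower())

def audit_user_rights(export_text):
    """List (right, principal) pairs that grant a right to a risky principal."""
    findings, in_rights = [], False
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_rights = line.lower() == "[privilege rights]"
            continue
        if not in_rights or "=" not in line:
            continue
        right, members = (s.strip() for s in line.split("=", 1))
        # Assumption: SeDeny* rights restrict access, so Guest there is wanted.
        if right.startswith("SeDeny"):
            continue
        findings += [(right, hit) for m in members.split(",")
                     if (hit := classify(m))]
    return findings

if __name__ == "__main__":
    for right, who in audit_user_rights(SAMPLE_EXPORT):
        print(f"{right}: remove {who}")
```

Real secedit exports are UTF-16 encoded, so read them with `open(path, encoding="utf-16")` before passing the text to `audit_user_rights`.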

* For more advice about office computer security, see the November issue of Start-Up, on sale now, or click on Subscribe Now link (top right).