Active Directory How-To pages

Active Directory Auditing Tool

An administrator needs the who, where and when of every change to have complete knowledge of all activities that occur in Active Directory. This helps identify any desired or undesired activity. ADAudit Plus provides this information in the form of reports. In real time, it ensures that critical resources in the network, such as the Domain Controllers, are audited, monitored and reported on, with full information on AD objects (Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes), through 200+ detailed event-specific GUI reports and email alerts.


How to secure a Windows server?

Security is the ultimate concern when you consider adding a server into your organization's environment. So, here's a checklist to make sure your server's security is not compromised in any way.

1. Use local firewall rules

Using Windows Firewall is a mandatory requirement to secure your servers. The firewall, true to its name, acts as a wall of protection between your data and the external network. So make sure you:

  • Disable as many rules on the firewall as possible. Disabling firewall rules means that fewer ports are open. Since fewer ports are actively listening over the public interface, the server is less exposed to malicious users and threats.
  • Whitelist the IP addresses in the relevant rules for those ports that must be open. By limiting access, you ensure that users who need access to the server have it, while those who shouldn't or needn't are not able to reach it.

The most typical ports that need to be open in the Windows firewall for hosting web applications on a cloud server are as follows:

Port   Service
80     HTTP: IIS sites or web applications
443    HTTPS: secure IIS sites or web applications with SSL
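
One way to review the two points above on a running server, as an added example that is not part of the original page: it lists every enabled inbound allow rule that accepts traffic from any remote address on a port other than the web ports in the table. It assumes 80 and 443 are the only ports meant to be public; adjust `$publicPorts` for your server.

```powershell
# Added example: report inbound allow rules reachable from any address.
# Assumption: 80 and 443 are the only ports intended to be public.
$publicPorts = @('80', '443')

$rules = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow

$findings = foreach ($rule in $rules) {
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter

    # RemoteAddress 'Any' means the rule has no IP allowlist at all.
    $openToAll = $addr.RemoteAddress -contains 'Any'

    # LocalPort can be a list, a range or 'Any'. The rule is expected only
    # when every entry is one of the intended public ports.
    $unexpected = @($port.LocalPort | Where-Object { $_ -notin $publicPorts })

    if ($openToAll -and $unexpected.Count -gt 0) {
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Profile       = $rule.Profile
            Protocol      = $port.Protocol
            LocalPort     = $port.LocalPort -join ','
            RemoteAddress = $addr.RemoteAddress -join ','
        }
    }
}

# Each row is a candidate for disabling or for a RemoteAddress allowlist.
$findings | Sort-Object LocalPort, Rule | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell session; it only reads the rule set and changes nothing.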

2. Think twice before sharing any data:

  • While using Windows file sharing, the ports that are opened on the firewall (ports 445 and 139) expose the server to unwanted connection attempts. So it is not recommended to use it.
  • Additionally, be careful about the software that you allow your users to download and install on your server. Every software package installed increases the exposure of your server to attack.

3. Enforce a strong password policy

A door is only as strong as its key. So keep your passwords as strong as possible, and enforce this across the organization to ensure that everyone follows the password policy. Here are some suggestions for a strong password:

  • Use strong passwords of at least 8 to 10 characters that include uppercase and lowercase letters, numbers, and special characters (such as !, #, $, and %).
  • Make sure the password policy sets an expiration date for each user’s password. This way, users are forced to change their password frequently, thus reducing the risk of an attack.
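
To check whether a server actually enforces these suggestions, the following added example (not part of the original page) exports the effective local security policy with `secedit` and compares it with the list above. The threshold of 10 characters is an assumption taken from the upper end of the page's "8 to 10" range.

```powershell
# Added example: compare the effective password policy with the suggestions above.
# Assumptions: elevated session; $minLength is a hypothetical threshold.
$minLength = 10
$cfg = Join-Path $env:TEMP 'secpol-export.inf'

# Export the security policy area to an INF file, then parse "Name = Value" lines.
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null

$policy = @{}
foreach ($line in Get-Content $cfg) {
    if ($line -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') {
        $policy[$Matches[1]] = [int]$Matches[2]
    }
}
Remove-Item $cfg -Force

# A missing key leaves the value $null, which fails every check below.
$report = @(
    [pscustomobject]@{
        Setting = 'MinimumPasswordLength'
        Value   = $policy['MinimumPasswordLength']
        Pass    = $policy['MinimumPasswordLength'] -ge $minLength
    }
    [pscustomobject]@{
        Setting = 'PasswordComplexity'          # 1 = complexity rules enforced
        Value   = $policy['PasswordComplexity']
        Pass    = $policy['PasswordComplexity'] -eq 1
    }
    [pscustomobject]@{
        Setting = 'MaximumPasswordAge'          # days; 0 or less is treated as no expiration
        Value   = $policy['MaximumPasswordAge']
        Pass    = $policy['MaximumPasswordAge'] -gt 0
    }
)

$report | Format-Table -AutoSize
```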

4. Create individual administrative accounts:

Be selective about who you grant administrative rights to. If multiple users need admin access to the server, create multiple accounts with admin access. This way, a malicious user can be traced using the logs that fall under their name, instead of a common administrator account.

5. SQL server instances:

  • For servers running Microsoft SQL Server, lock down the SQL port 1433 to listen over the internal interface only. This reduces the risk of outsiders attacking the network through the SQL server.
  • For a connection to the outside network, you can allow SQL port 1433 to listen over the public interface. But this rule must be limited to accommodate only the IP addresses of the computers through which the developers connect to the databases on the server.
  • For servers running SQL Server Standard or SQL Server Web editions, we recommend configuring maintenance plans to dump the data from the live database files into flat files that can be backed up off the server, and to clean up the backups so they do not fill your hard drive.
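
The scoped rule from the second point, as an added example that is not part of the original page. The rule name is hypothetical and the two addresses are placeholders from the documentation range; replace them with your developers' addresses. The final query matters because Windows Firewall allow rules are additive, so one broader rule on 1433 defeats the allowlist.

```powershell
# Added example. Assumptions: the rule name is hypothetical and the addresses
# are placeholders (203.0.113.0/24 is reserved for documentation).
$ruleName     = 'SQL 1433 (developers only)'
$devAddresses = @('203.0.113.10', '203.0.113.11')

# Weak form, shown for contrast only: no RemoteAddress, so any source is allowed.
# New-NetFirewallRule -DisplayName 'SQL 1433' -Direction Inbound `
#     -Protocol TCP -LocalPort 1433 -Action Allow

# Scoped form: create the rule, or tighten it if it already exists.
$existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if ($existing) {
    $existing | Set-NetFirewallRule -RemoteAddress $devAddresses
} else {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
        -Protocol TCP -LocalPort 1433 -RemoteAddress $devAddresses `
        -Action Allow | Out-Null
}

# List every other enabled inbound allow rule that covers TCP 1433.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '1433' } |
    Get-NetFirewallRule |
    Where-Object {
        $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and
        $_.Action -eq 'Allow' -and $_.DisplayName -ne $ruleName
    } |
    Select-Object DisplayName, Profile,
        @{ n = 'RemoteAddress'; e = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ',' } }
```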

6. Windows updates:

Always update your server to the latest version. Don't forget to make sure that your Windows OS is patched.

7. Always have a backup plan:

  • Set up a disaster recovery plan. You could create cloud server images periodically and write them to your Cloud Files containers with a default retention of seven days.
  • Create a new server instance from the image to check if the image is valid. Try restoring a file from Cloud Backups to verify that the data being backed up can be restored. Verify the backups to ensure that they are valid.

8. Code it right:

  • The last attack surface exposed to the Internet is the code. You and your developers must ensure that the code is enforcing proper authentication and authorization.
  • File authorization should be carefully defined and all inputs on the application should have the best validation possible to prevent hackers from exploiting the web application and gaining control of the server.
