Protecting a server is very important: servers are central resources which often contain sensitive data. But while the server must be secure, the outside world must also be able to access it. A server which is not connected to the outside world is of course very safe but virtually useless. Server security very much boils down to finding a compromise between security and access. Here is a short overview of Windows server security.
Computer security is a fast-moving field; new security holes are discovered all the time and need to be patched. This means that one of the main principles of server security is to regularly update the Windows operating system on your servers.
The Windows operating system may look like it is full of security flaws, since new security patches are released all the time. But Windows is not significantly worse than most other operating systems. It is just that Windows is the most popular operating system, so it makes sense for attackers to target Windows rather than some obscure system which is not much used. To some extent, the large number of security fixes for Windows makes it a relatively safe system, under the assumption, of course, that you have installed all security patches.
Server security can be divided into two main categories: internal security and external security. Internal security means that the system does not allow authorized users to do more than they are allowed to. External security means that you keep unauthorized users out of the system. With the help of firewalls it has become relatively easy to prevent the bad guys from accessing your servers. Often it is actually the authorized users that create the serious security breaches.
Firewalls are very good but don’t solve all your security concerns about unauthorized access; you also have to make sure that the server itself is secure. This means that all services that are not necessary should be disabled, which limits the number of potential security flaws. You should also make sure that the authorized users use non-obvious passwords and change them regularly. Secured servers are difficult to break into, so social engineering has become a popular way of finding an easy way in. Getting the login details of an authorized user has one huge advantage for an attacker: there is no security to break.
Server administrators typically know how to protect the administrator accounts, but it is tougher to control all user accounts on a large server. The best solution is to make sure that each and every user has only the rights and privileges they need in order to do their work. Any extra privileges can be used by attackers who have managed to get hold of a user account, or by a disgruntled employee, to steal data or to damage the server.
Fortunately, Windows has improved a lot when it comes to auditing and user access control. In the early versions of Windows, it was difficult to assign specific rights to different users and auditing was far from sophisticated. But with each new Windows version, things have improved. It has also become much easier to control a large number of Windows servers.
Even the best-secured systems can be compromised, or at least suspected of having been compromised, so it is very important to be able to track what an attacker has done or tried to do. For this you need a good auditing system and also a snapshot of the system, so that you can compare it with the current state and see whether any configuration changes have been made. The bad news is that if you don’t really know what an attacker has done, the only safe option is to reinstall the system from scratch. Needless to say, this is very time-consuming and will affect the users.
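As an added example (not code from the original article), the following PowerShell script takes the kind of configuration snapshot described above, covering the items the article singles out: service start types (unnecessary services should be disabled), local Administrators membership and local accounts (least privilege), and later reports what has changed. It assumes Windows PowerShell 5.1 or later, an elevated session, and a hypothetical baseline file path.

```powershell
# Added example, not from the original article. Assumes Windows PowerShell 5.1+,
# an administrator session, and the hypothetical path C:\Baseline\server-baseline.json.
param(
    [ValidateSet('Snapshot', 'Compare')] [string]$Mode = 'Snapshot',
    [string]$BaselinePath = 'C:\Baseline\server-baseline.json'
)

function Get-SecuritySnapshot {
    # Every service with its start type and state: unneeded services should be Disabled.
    $services = Get-Service | ForEach-Object {
        '{0}|{1}|{2}' -f $_.Name, $_.StartType, $_.Status
    }
    # Members of the local Administrators group: the privileged accounts to watch closely.
    $admins = Get-LocalGroupMember -Group 'Administrators' | ForEach-Object { $_.Name }
    # Local accounts and whether each one is enabled.
    $users = Get-LocalUser | ForEach-Object { '{0}|Enabled={1}' -f $_.Name, $_.Enabled }
    [pscustomobject]@{
        TakenAt  = (Get-Date).ToString('o')
        Services = @($services | Sort-Object)
        Admins   = @($admins   | Sort-Object)
        Users    = @($users    | Sort-Object)
    }
}

function Compare-SecuritySnapshot {
    param($Baseline, $Current)
    # Report every entry that appeared or disappeared since the baseline was taken.
    foreach ($key in 'Services', 'Admins', 'Users') {
        $diff = Compare-Object -ReferenceObject @($Baseline.$key) -DifferenceObject @($Current.$key)
        foreach ($d in $diff) {
            $change = if ($d.SideIndicator -eq '=>') { 'ADDED  ' } else { 'REMOVED' }
            Write-Output ('{0} {1}: {2}' -f $change, $key, $d.InputObject)
        }
    }
}

$current = Get-SecuritySnapshot
if ($Mode -eq 'Snapshot') {
    # Write the baseline; keep a copy off the server so an intruder cannot alter it.
    New-Item -ItemType Directory -Force -Path (Split-Path $BaselinePath) | Out-Null
    $current | ConvertTo-Json -Depth 3 | Set-Content -Path $BaselinePath
    Write-Output "Baseline written to $BaselinePath"
} else {
    $baseline = Get-Content -Raw -Path $BaselinePath | ConvertFrom-Json
    Write-Output ('Comparing against baseline taken {0}' -f $baseline.TakenAt)
    Compare-SecuritySnapshot -Baseline $baseline -Current $current
}
```

Run it once with `-Mode Snapshot` after the server is configured, and again with `-Mode Compare` whenever a compromise is suspected; a new Administrators member or a service that has changed from Disabled to Automatic is exactly the kind of change the article says you need to be able to spot.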