Your organization is almost certainly storing important and classified data on one or more Windows file servers. What may be less obvious is how well those servers have been hardened and secured to shield that data from unauthorized access.

Tips and Practices

If you're not sure where to start, follow these tips and best practices:

Ensure that the Windows file server is physically secure

If an intruder can gain physical access to your server, you are at risk of having the whole machine or one of its hard drives walk out the door. To ensure physical security, configure the system so that it boots only from an internal hard drive. This keeps an intruder from starting the system from removable media. The BIOS and bootloader need to be protected with a password.

Encrypt your drives

Using a program like BitLocker to encrypt your drives ensures that your files stay secure even if a hard drive is stolen or is discarded insecurely after being replaced. Using the drive on a server with a Trusted Platform Module (TPM) makes BitLocker transparent and straightforward for users and administrators.

If possible, keep the Windows file server off the Internet

There is little reason for most Windows file servers to be connected to the Internet, so use a firewall to restrict access from outside your LAN.

Don’t forget anti-virus software

Even if you have anti-virus software and gateway security protection, you should still install a suitable enterprise-grade anti-virus program on your file server. Most enterprise products let you update virus definitions from a local update server (or even from other clients running the program on your network), but if you disconnect your file server from the Internet you may not be able to take advantage of network-based reputation systems for extra security.

Get rid of unnecessary software

There is almost no need for programs like Silverlight, Flash, or Java on your server, so having them installed simply increases the attack surface that attackers can target. You can remove unneeded programs from your server using the Control Panel applet.

Stop unnecessary services

In Windows, you should stop Task Scheduler, Fax Service, IIS Admin, Terminal Services, SMTP, Messenger, Telnet, and World Wide Web Publishing Services unless you specifically require any of them (e.g. for remote administration).

Control file access

You can use NTFS security to restrict file and folder access to particular groups or individual users. You can make these changes by viewing a file or folder's properties, selecting the Security tab, then choosing Change Permissions under Advanced.

Use the auditing function

Set up auditing so that you can see who is trying to write, read or delete your confidential documents and folders. You can make these changes by viewing a file or folder's properties, selecting the Security tab and then choosing the Auditing tab under Advanced.
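
The permission and auditing changes described in the two sections above can also be scripted. The following PowerShell is an added example, not part of the original article; the folder path and group name are hypothetical placeholders, and it must be run from an elevated session.

```powershell
# Added example: restrict a folder to one group and audit access attempts.
# Hypothetical values: replace with your own folder and group.
$Path  = 'D:\Shares\Finance'
$Group = 'CONTOSO\Finance-Users'

# Read both the permission list (DACL) and the audit list (SACL).
$acl = Get-Acl -Path $Path -Audit

# Remove existing explicit permissions, then stop inheriting from the parent
# ($true = protect from inheritance, $false = do not keep inherited entries).
$acl.Access | Where-Object { -not $_.IsInherited } |
    ForEach-Object { [void]$acl.RemoveAccessRule($_) }
$acl.SetAccessRuleProtection($true, $false)

# Apply new entries to this folder, its subfolders and its files.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None

# Administrators and SYSTEM keep full control; the group gets Modify only.
$grants = @(
    @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
    @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },
    @{ Id = $Group;                   Rights = 'Modify' }
)
foreach ($g in $grants) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $g.Id, $g.Rights, $inherit, $prop, 'Allow')
    $acl.AddAccessRule($rule)
}

# Audit successful and failed read, write and delete attempts by anyone.
$auditRights = [System.Security.AccessControl.FileSystemRights]'ReadData, WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles'
$auditFlags  = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$auditRule   = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone', $auditRights, $inherit, $prop, $auditFlags)
$acl.AddAuditRule($auditRule)

Set-Acl -Path $Path -AclObject $acl

# Audit entries only produce Security log events when the File System
# audit subcategory is enabled on the server.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# Review the result: no entry should be inherited, and the group
# should appear with Modify rather than FullControl.
$result = Get-Acl -Path $Path -Audit
$result.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
$result.Audit  | Format-Table IdentityReference, FileSystemRights, AuditFlags
```

Test this on a non-production folder first, because removing inheritance also removes any access that users had through the parent folder.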

Perform administration tasks using the least amount of privileges

Avoid using administrator privileges whenever possible. Accounts should be monitored and secured with strong passwords.

