Windows servers are a target for malware and hackers as they are often badly set up exactly because setting up a basic windows server is as easy as installing it. The default installation security has improved with leaps and bounds. Server 2012 is far more secure than server 2008 and Server 2016 improved it even further.

No matter how good we are, there’s never enough time to keep up with everything in security and securing windows at a basic level is not too hard.

Keep up with what is happening in security

The best way to understand what’s happening in the world of security is to read the latest reports. Have a look at Price-Waterhouse-Cooper’s  Global State of Information Security Survey, the  Verizon Data Breach Investigations Report or the Trustwave Global Security Report. Then there is also the Mandiant APT1 report. These reports show us that cybercriminals utilise the latest tech and know of all the latest security bugs and flaws in operating systems. If we do not know about these, we become vulnerable.

data securityInformation Security is NOT an IT Issue !

Security is not your IT department or your hosting provider’s issue. It is a business issue. It is essential to have an IT security committee which includes management from Operational, HR, Legal and IT as well as any other departments who have a stake in informational security. This committee has to classify your business data. They then assess the risk and do a proper risk-benefit analysis as well. The ability of your business to continue if the data is lost is discussed. This then forms part of your Business Continuity Plan and Disaster Recovery Plan. Effective Backup strategy is a part of this plan as a mitigating factor. It is essential to have a multi-layered backup strategy as no single backup is ever fail- or foolproof. A proper data audit is also essential so that you can make sure that ALL data is accounted for.

Keep your system updated

While windows updates may be a pain and cause server downtime. They are however, an essential part of securing windows. Many exploits take advantage of known flaws in windows. Microsoft usually releases a patch as soon as they are made aware of the flaw. Keep your system simple and run only applications that you really need. Running Office software on a server is just inviting trouble.

 Use Windows built-in security tools

security policies

Windows has built in controls, from enforcing a minimum password strength to the windows firewall. Only allow approved applications access to the network. You can set lockouts after a certain number of failed password attempts (strongly advised). Encrypt senstitive data so that only you can read it. You can also limit access to your server to only your network. If you are on a dynamic connection, set up a VPN to your server so that you can lock it down to only VPN access. Safe connectivity is an essential part of securing windows.

Use common sense

Don’t run Outlook on a server. Outlook receives data and files, any of which could contain malware or phishing code. Keep your passwords as long as you can. Google the most commonly used passwords and avoid them. Passwords such as ‘123’ or ‘password’ are dangerously useless and easy to guess. How important is your data or the functions of your server to your business. Use this as a measure of the effort you need to put in to securing your server.

Here is a checklist for Securing Windows

  • Service Packs and Hotfixes
    Install the latest service packs and hotfixes from Microsoft
    Enable automatic notification of patch availability
  • User Account Policies
    Set minimum password length
    Enable password complexity requirements
    Configure account lockout policy
  • User Rights Assignment
    Restrict the ability to access the server from the network to Administrators and Authenticated Userschecklist
    Restrict local logon access to Administrators
    Deny guest accounts the ability to logon as a service, a batch job, locally, or via RDP
  • Security Settings
    Disallow users from creating and logging in with Microsoft accounts
  • Network Access Controls
    Do not allow any shares to be accessed anonymously
  • Additional Security Protection
    Disable or uninstall unused services
    Disable or delete unused users
    Configure User Rights to be as secure as possible
    Ensure all volumes are using the NTFS file system
    Configure file system permissions
    Configure registry permissions
    Disallow remote registry access if not required
  • Additional Steps
    Set the system date/time and configure it to synchronise against known time servers
    Install and enable anti-virus software.
    Install and enable anti-spyware software.
    Configure anti-virus software to update daily.
    Configure anti-spyware software to update daily.
    Provide secure storage for data as required by confidentiality, integrity, and availability needs. Security can be provided by means such as, but not limited to, encryption, access controls, and file-system audits. Off-server file based backups are an option provided by Host Africa which can protect your data against malware and ransom-ware.
    Install software to check the integrity of critical operating system files.
    If RDP is utilized, set RDP connection encryption level to high.
    Configure a screen-saver to lock the console’s screen automatically if the host is left unattended.


Security is not just a buzzword – it is as real as the lock on your business door when you leave the office at night.



Happy Hosting Host Africa

we're happy to help!

Talk to a hosting specialist today and discover which options will work best for you.

Call us on +27 21 554 3096
Copyright © 2020 HOSTAFRICA - All rights reserved.

By visiting this website, you agree to its terms of use, which can be accessed by clicking on the following link: Website Terms of use
We Accept: EFT, Debit Cards, Credit Cards and Mobile Payments
Accepted payment methods