As it goes, Windows Server is more focused on ease of use and deployment rather than on security. However, you can extract the best value out of your server by adopting some best practices and built-in features
Make the Most Out of Credential Guard and Remote Credential Guard
Credential guard technology came into being with the introduction of Windows Server 2016. It helps in protecting in-memory hashes and Kerberos tickets.
The technology makes use of virtualization-based security to run an isolated process for storing credentials. This is done through a process called Isaiso.exe such that the stored credentials are not stored by the operating system and other applications.
Similar to credential guard, remote credential guard helps in protecting credentials during remote desktop connection sessions when you fear that credentials could be leaked.
Activate Windows Firewall
Windows Firewall is a built-in feature of Windows. However, most administrators tend to turn it off and this compromises the security of the server.
This is why it is highly recommended to turn on the Windows Firewall for all profiles, and only allow filtered traffic to enter.
Manage User Account Control
Similar to the Windows firewall, do not turn off the UAC as well. Additionally, move the UAC slider to the top and keep your servers updated. This might make way for a few extra clicks, but in the end, it is all worth it, keeping the security of your system in mind.
To keep the security of your server top-notch, it is highly recommended to enable BitLocker whenever you can. This is because it is easier to get around physical security, especially in remote offices where multiple people can access the server.
Your employees could pull out any unencrypted hard drive from the server and get access to the sensitive data on the go.
This could happen with VMDK/VHD files as well wherein an administrator with notorious intentions could download the crucial data and read them.
Audit Logs and Backups
Audit logs and backups play an important role in reverse engineering. These logs contain a record of malicious activities, if any, including log on attempts. Although the default logfile in Windows only records a few hours or days, you can increase the log size of your files accordingly and adopt the required retention measures.
Ideally, your log file should contain events from critical systems, Syslog server and the like.
As important it is to maintain audit logs, it is equally critical to manage backups as well. What if your system gets compromised by ransomware or someone steals your information, you must have a backup to make things work and restore the required data.
The Wrap Up
This is how you can maintain Windows Server 2020 and boost its security with the help of best practices and built-in features. Sounds like a tough task or too busy on other important business matters? Let us take care of it for you. tcbinc.com is an expert in maintaining windows server and enhancing its performance.
Do you have any queries? Let us know in the comments below.