Server security is critical for anyone managing a server, as threats are constantly evolving and targeting systems in various ways. This article provides basic but crucial tips to help secure your Windows server.
1. Disable the Default Administrator Account
Hackers often target primary system users to gain unauthorized access. On Windows servers, the default user is "Administrator." To reduce the risk of brute-force attacks, it’s advisable to disable this account and create an alternative user with full administrative privileges to manage the server.
To do this, create a new user account, then log in and navigate to Computer Management → Local Users and Groups. Right-click the Administrator account, select Properties, check the Account is disabled box, and click OK.
2. Set a Strong Password for Your Administrator Account
Passwords are often compromised through databases containing common passwords and their hash values. To protect your server, it’s essential to create a strong password and update it regularly. Use unique, complex passwords that include numbers, special characters, and non-dictionary words. For example, instead of "OrangeCat," use "0r4ngeC4t" to make it harder for attackers to guess.
3. Change the Default RDP Port
To enhance security, it’s recommended to change the default Remote Desktop Protocol (RDP) port from 3389 to another number. You can do this using the Registry Editor:
- Press Win+R, type
regedit, and press Enter.
- Navigate to HKEY_LOCAL_MACHINE / SYSTEM / CurrentControlSet / Control / Terminal Server / WinStations / RDP-Tcp.
- Right-click PortNumber, select Modify, and change the port value after selecting Decimal Base.
Alternatively, you can change the port using PowerShell with the following commands:
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "PortNumber" -Value [new_port_number]
New-NetFirewallRule -DisplayName 'RDPPORTLatest' -Profile 'Public' -Direction Inbound -Action Allow -Protocol TCP -LocalPort [new_port_number]
If your server's firewall is active, adjust its settings to allow connections through the new port.
4. Restrict RDP Access to Specific IP Addresses
To further secure RDP access, use the firewall to allow only certain IP addresses to connect to your server. Find the rule for your RDP port in the firewall, right-click and select Properties, then go to Scope. In the Remote IP address section, click Add and specify the IP addresses permitted to connect via RDP.
5. Keep the Windows Firewall Active
The firewall is a crucial layer of server protection, filtering traffic and blocking malicious requests. While some may disable it due to resource usage or service restrictions, it is vital to keep the firewall running with appropriate custom settings.
6. Perform Regular Updates
Regular updates are essential for maintaining security. These updates address vulnerabilities in the operating system and software that could be exploited by attackers. To update your server, go to Settings → Update & Security → Windows Update. Also, if you host a website using WordPress, ensure the platform and its plugins are regularly updated.
7. Consider Third-Party Security Solutions
Using antivirus programs can add an extra layer of protection to your server. Popular free options include Avira, Panda, Sophos, and Kaspersky, each offering various features such as real-time scanning and VPN services. However, be sure to verify the reputation and compatibility of any third-party software before installation, as these programs will consume server resources.
Conclusion
Basic server security is no longer just a recommendation—it's a necessity. As cyber threats become increasingly sophisticated, it’s crucial to take proactive steps to protect your server. Failing to do so can lead to severe consequences, including data breaches, unauthorized use of resources, and financial loss. Take the time to implement these security measures and safeguard your server against potential threats.
