How to secure a Windows file server

Source: Internet
Author: User

Have you hardened your file server? You can protect your important files and prevent unauthorized intrusion by following these methods.

It is a safe practice to keep your company's valuable confidential information on one or more Windows file servers. What may not be obvious is how far those servers have been hardened and how well the data is protected against illegal intrusion.

If you don't know where to start, follow these 10 best practices:

The first trick is to make sure that your server is physically secure.

If an intruder can physically access your server, you risk losing the entire machine or a hard drive. In addition to ensuring physical security, you should also configure the system to boot only from the internal hard drive, to prevent intruders from booting it from removable media. Both the BIOS and the boot loader should be protected by a strong password.

The second trick is to encrypt your drive.

Use a system such as BitLocker to encrypt your drive, so that even if the hard drive is stolen, or replaced and dumped in an unsafe location, your files remain safe. Use the Trusted Platform Module (TPM) on your server so that BitLocker is transparent to both administrators and users.
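
The following PowerShell audit is an added example, not part of the original article. It checks that the TPM is usable and reports, for each volume, whether BitLocker protection is on and which key protectors exist. It assumes an elevated session and that the BitLocker feature is installed.

```powershell
#Requires -RunAsAdministrator
# Added example: audit TPM and BitLocker state on a file server.
# On Windows Server, BitLocker is an optional feature
# (Install-WindowsFeature BitLocker); without it these cmdlets are unavailable.

$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    Write-Warning 'TPM missing or not ready: BitLocker cannot unlock the OS volume transparently.'
}

$report = Get-BitLockerVolume | ForEach-Object {
    # Key protector types as strings, e.g. Tpm, TpmPin, RecoveryPassword
    $types = @($_.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
    [pscustomobject]@{
        MountPoint   = $_.MountPoint
        VolumeType   = $_.VolumeType
        Protection   = $_.ProtectionStatus
        VolumeStatus = $_.VolumeStatus
        TpmProtector = @($types -like 'Tpm*').Count -gt 0
        RecoveryPw   = $types -contains 'RecoveryPassword'
    }
}
$report | Format-Table -AutoSize

# Flag every volume that is not fully encrypted with protection switched on.
$gaps = $report | Where-Object {
    "$($_.Protection)" -ne 'On' -or "$($_.VolumeStatus)" -ne 'FullyEncrypted'
}
foreach ($g in $gaps) {
    Write-Warning "$($g.MountPoint): protection=$($g.Protection), status=$($g.VolumeStatus)"
}

# To encrypt the OS volume with a TPM protector and add a recovery password
# (uncomment after confirming the recovery password will be stored safely):
# Enable-BitLocker -MountPoint 'C:' -TpmProtector
# Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector
```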

The third trick is to keep the server off the network as far as possible.

Because most file servers unavoidably connect to the Internet, use a firewall to restrict external access to your local area network.
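
As an added example (not from the original article), this PowerShell snippet finds inbound Windows Firewall rules that allow SMB from any address and scopes them to the LAN. The subnet 192.168.10.0/24 is a constructed placeholder. The changes run with -WhatIf so nothing is modified until that switch is removed.

```powershell
#Requires -RunAsAdministrator
# Added example: restrict SMB (TCP 445) on the file server to the local subnet.
# Assumption: 192.168.10.0/24 is the LAN allowed to reach the server (placeholder).
$lan = '192.168.10.0/24'

# Enabled inbound allow rules for TCP 445 that accept any remote address.
$open = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        $port.Protocol -eq 'TCP' -and
            $port.LocalPort -contains '445' -and
            $addr.RemoteAddress -contains 'Any'
    }

$open | Select-Object DisplayName, Profile | Format-Table -AutoSize

# Scope each of those rules to the LAN (dry run; remove -WhatIf to apply).
$open | Set-NetFirewallRule -RemoteAddress $lan -WhatIf

# Make sure the firewall is on and blocks unsolicited inbound traffic by default.
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -Enabled True -DefaultInboundAction Block -WhatIf
```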

The fourth trick is to make sure the server has the latest and most complete patches.

Even if your Windows server is not connected to the Internet, you still need to keep its software updated, by running Windows Server Update Services (WSUS) on another server on your network. If taking your file server off the network is not practical, make sure Windows Update is set to download and apply patches automatically, unless you already have a procedure for downloading and manually testing patches.

Another area that is easy to miss is Internet Explorer Enhanced Security Configuration. IE is rarely used on a server, so the security of the browser is often overlooked. You can find the Internet Explorer Enhanced Security Configuration option in Control Panel, under the option for adding Windows components.

The fifth trick: don't forget the antivirus software.

Even if you have security at the gateway and also run personal anti-virus software, you should still run enterprise-class anti-virus software on your file server. Most enterprise products allow you to update virus data from a local server (even from software that is run by other users on your network), but if your file server is not networked, you may not be able to take full advantage of the extra protection that is available on the web.

The sixth trick is to get rid of unnecessary software.

Remove software that is certainly not needed on your server, such as Flash, Silverlight, or Java. Installing such software only gives hackers more opportunities to attack. You can remove unused software from the server through Control Panel.

The seventh trick is to stop unnecessary services.

In Windows, unless you specifically need them (for remote management, for example), you should stop services such as Fax, Messenger, IIS Admin, SMTP, Task Scheduler, Telnet, Remote Desktop Services, World Wide Web Publishing Service, and so on.
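
The PowerShell below is an added example, not part of the original article. It reports which of the services listed above exist on the server and how they are configured, then shows a dry run of disabling them. The $needed list is an assumption standing in for services you specifically require.

```powershell
#Requires -RunAsAdministrator
# Added example: audit the services named in the article (service name -> label).
$candidates = [ordered]@{
    Fax         = 'Fax'
    Messenger   = 'Messenger'
    IISADMIN    = 'IIS Admin'
    SMTPSVC     = 'SMTP'
    Schedule    = 'Task Scheduler'
    TlntSvr     = 'Telnet'
    TermService = 'Remote Desktop Services'
    W3SVC       = 'World Wide Web Publishing Service'
}

# Assumption: services this server genuinely needs (here, remote management).
$needed = @('TermService')

$found = foreach ($name in $candidates.Keys) {
    # Services that are not installed are simply skipped.
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) {
        [pscustomobject]@{
            Name      = $svc.Name
            Listed    = $candidates[$name]
            Status    = $svc.Status
            StartType = $svc.StartType
            Needed    = $needed -contains $svc.Name
        }
    }
}
$found | Format-Table -AutoSize

# Dry run: stop and disable everything found that is not marked as needed.
# Review the list first (scheduled maintenance depends on Task Scheduler),
# then remove -WhatIf to apply.
$found | Where-Object { -not $_.Needed -and "$($_.StartType)" -ne 'Disabled' } |
    ForEach-Object {
        Stop-Service -Name $_.Name -Force -WhatIf
        Set-Service  -Name $_.Name -StartupType Disabled -WhatIf
    }
```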

The eighth trick is to control file access.

You can use NTFS security to restrict access to files and folders to specific groups or individual users. View the properties of a file or folder, select the Security tab, and then change the permissions under Advanced.

The ninth trick is to use the audit function.

Make sure you set up auditing so that you can see who has tried to read, write, or delete your confidential files or folders. You can do this by viewing the properties of a file or folder, selecting the Security tab, and then selecting the Auditing tab in the Advanced settings.
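
The eighth and ninth tricks can also be scripted instead of using the Security tab. The following PowerShell is an added example, not from the original article. It locks a folder down to named principals and adds an audit entry for read, write and delete attempts. The path D:\Shares\Finance and the group CONTOSO\Finance-Users are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: restrict NTFS permissions and enable auditing on one folder.
# Assumptions: $path and $group are placeholders for your own folder and group.
$path  = 'D:\Shares\Finance'
$group = 'CONTOSO\Finance-Users'

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None

# -Audit also loads the SACL, so one Set-Acl writes permissions and auditing.
$acl = Get-Acl -Path $path -Audit

# Stop inheriting from the parent and drop the inherited entries.
$acl.SetAccessRuleProtection($true, $false)

# Explicit access: administrators and SYSTEM in full, the group may modify.
$grants = @(
    @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
    @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },
    @{ Id = $group;                   Rights = 'Modify' }
)
foreach ($g in $grants) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
        $g.Id, $g.Rights, $inherit, $prop, 'Allow'
    $acl.AddAccessRule($rule)
}

# Audit successful and failed reads, writes, deletes and permission changes.
$audit = New-Object System.Security.AccessControl.FileSystemAuditRule -ArgumentList `
    'Everyone', 'ReadData, WriteData, AppendData, Delete, ChangePermissions',
    $inherit, $prop, 'Success, Failure'
$acl.AddAuditRule($audit)

Set-Acl -Path $path -AclObject $acl

# The audit entry only produces Security log events once the File System
# audit subcategory is enabled.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# Review the result.
(Get-Acl -Path $path -Audit).Access | Format-Table IdentityReference, FileSystemRights, IsInherited
(Get-Acl -Path $path -Audit).Audit  | Format-Table IdentityReference, FileSystemRights, AuditFlags
```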

The tenth trick is to perform administrative tasks with minimal privileges.

Avoid using administrator privileges as much as possible. Also, ensure that all accounts with Administrator privileges are protected by strong passwords, even if a password policy is already in place.
