Questions about protecting Windows Servers

 

How are you protecting your Windows server from malware? Whether you are talking about Active Directory domain controllers, Exchange or SQL Server-based systems, file servers, or even systems or terminal services that provide VPN access, what you are doing may be far from the best protection.

In the past two years, I began to see Windows servers running various types of malware protection. But why is malware protection still not taken seriously at the server level? It may be because the Administrator thought: "It is a server, and no one really has to do too many things on the top" or "in the confrontation with malware, I can not trust my users, but I am confident that I will not have any wrong steps on the server that will cause a malware infection." Everyone has their own thoughts on this incident.

If you do not want to be attacked, you should be more advanced in protecting your Windows server. A project I recently worked on didn't happen and an enterprise ended up with thousands of systems, including dozens of half-way Windows Servers infected with advanced persistent threats (APT) worldwide. Some servers are protected, while others are not. These inconsistencies will be detrimental to you. In addition, your business may be subject to rules, such as pci dss, HIPAA, and others. Or perhaps your legal team has agreed to a contract or SLA, including malware protection ).

No matter how you plan or use your Windows Server, they are likely to be at risk of malware infection. Understanding this is important. This is not just a highly visible production system, but all. Just like the suggestions I gave to customers when talking about implementing information security assessment: everything is fair. Why do you only see a small part of the environment? Bad guys and malware don't understand the boundary, so you can better protect everything that spans the company, including those Windows servers that you think are not strategically important.

The following are 10 questions you can ask yourself to better solve Windows Server Protection:

1. What rogue software threats are we going to address? Have we recorded these threats in the incident response plan?

2. What rules, policies, and contracts should we be responsible?

3. Do we need to perform real-time scanning?

4. Do I have to merge some files/folders into anti-virus software configurations to eliminate other bottlenecks?

5. Do we need additional protection at the Web browser level to prevent phishing and browser-related attacks?

6. Does the Administrator check the email on our server? Is there a better way to help minimize these risks?

7. What is the best way to scan the entire system? Do I need to perform a full system scan?

8. Do we only need to protect OS volumes or data volumes that may be infected?

9. In addition to production servers, what other physical or virtual Windows servers need to be protected?

10. Does our boundary or cloud-based anti-virus software provide sufficient protection to determine that we are not running anything at the server level?

After answering these questions, you should review Microsoft's basic guide for anti-virus software running on Windows servers. Review is rewarding.

If you really need to think deeply about these issues, you may find that your server is protected against malware. If you choose to Install antivirus software on your Winows server, focus on the right target. You don't have to worry about which anti-virus vendor is the best (I don't think there is the best solution). You just need to pay attention to the best way to protect your servers from malware attacks. This means you can run the same and different anti-virus software on your Windows desktop.

Only you know what is the best. Hurry up!