General Hardening Tasks

This section outlines the manual hardening procedures that are part of system maintenance and are required for all deployment types. You should carry them out on a regular basis, such as when you make changes to the environment (such as adding servers or upgrading hardware), and as part of routine maintenance.

Update your operating system

Microsoft releases periodic updates (security updates and service packs) to address security issues that have been discovered in their software. Make sure your operating system is updated to the latest version. Keep the host operating system up-to-date. Operating System (OS) vendors, whether commercial or open source, regularly released security patches that resolve vulnerabilities and improve system security. We recommend keeping your server up-to-date.

Install an anti-virus solution

Servers without anti-virus protection are exposed to two risks: - Server infected with viruses that might damage the server and the entire network. - Trojan horses are planted to allow remote control of the server and to all the information on it. - Install an anti-virus solution and update it as needed

Rename default accounts

It is recommended to change the names of both the administrator and the guest account to names that don't provide information about their permissions. It is also recommended to create a new locked and unprivileged administrator user name as bait.

Regular backups

Backup at least once a day and store the backup copies in a secure location. The corresponding encryption key with which the backups are encrypted should also be stored in a secure location. Ensure the location in which the key is stored is different from the location in which the backup file is located.