0% found this document useful (0 votes)
105 views2 pages

UCD Windows Security Checklist

This document provides a checklist of 19 recommendations to secure Windows servers, including: 1) Using supported Windows versions and keeping applications patched, 2) Automatically installing Windows patches and logging users out each night, and 3) Enabling firewalls, antivirus software, and removing unnecessary services, accounts, and browsers to lock down access and prevent exploits. The checklist aims to protect servers through configuration hardening and vulnerability scanning.

Uploaded by

Vincent
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
105 views2 pages

UCD Windows Security Checklist

This document provides a checklist of 19 recommendations to secure Windows servers, including: 1) Using supported Windows versions and keeping applications patched, 2) Automatically installing Windows patches and logging users out each night, and 3) Enabling firewalls, antivirus software, and removing unnecessary services, accounts, and browsers to lock down access and prevent exploits. The checklist aims to protect servers through configuration hardening and vulnerability scanning.

Uploaded by

Vincent
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

UCD IT Services IT Security

Windows Server Security Checklist

Recommendations Completed Comment


1. Only use Supported Windows Operating systems and applications.
(Microsoft no longer supports XP and Windows 2003 server).
Visit - https://support.microsoft.com/en-us/lifecycle?C2=1163
2. Set Windows systems Patches to automatically install. Make sure users log out of the
server each evening so that Windows patches can be applied.
3. Make sure that all application patches are kept up to date. E.g Java, Sql_server,
Oracle, adobe, etc
4. Install Microsoft Enhanced Mitigation Experience Toolkit “EMET” to defend against
cyberattacks.
Visit - https://www.microsoft.com/en-us/download/details.aspx?id=50766
5. Create a strong password policy. Run “Secpol.msc" and edit “Account Policies”
- Set a minimum password length of 10 and enable password complexity
requirements
6. Configure an intrusion prevention policy. Run "Secpol.msc" and edit “Account
lockout policy”.
- Set accounts to lockout for period of time (min 10 minutes) after a small number
of failed login attempts (5) and reset account lockout counter to the same period
as lockout (e.g 10 minutes)
7. Install Anti-Virus and remember to check it at least once a week to ensure that it is
running, updating and review the last full AV scan results.
If using Sophos manually enable “Web Protection”.
8. Enable system and event logging.
9. Check that the server Firewall is turned on and filterers are setup to protect open
ports and programs.
10. Use the local firewall to restrict Remote Desktop Access to only the UCD network (or
preferably your own network) and use the UCD VPN if remote access is required.

Security Tip: Protect your information visit www.ucd.ie/itsecurity


UCD IT Services IT Security

11. Disable or uninstall all unnecessary Windows services and features e.g print service,
file and printer sharing, netbios, etc
12. Remove or disable all Internet browsers (Windows feature > disable IE) or if
absolutely required enable IE with enhanced security configuration.
13. To protect against phishing (and malware) attacks never access email on server and
remove all email clients.
14. Enable user account control (UAC) so that system changes require administrator level
permissions.
15. Check that only approved users can access the server and that they only have the
minimum privileges necessary. Do not use generic accounts and remove unnecessary
accounts such as guest.
16. Use SSL for all websites. This is a requirement for any website that requires
authentication. Contact [email protected] for free SSL certificates.
17. Do not collect or process credit card payments on any server without contacting
[email protected] in advance.
18. Run Microsoft baseline security analyser to check security setting.
19. Once you have applied the above hardening recommendations then contact
[email protected] for free vulnerability scan.

Security Tip: Protect your information visit www.ucd.ie/itsecurity

You might also like