Shells Logo
    Why ShellsPricingDownload
    By Suparna GangulyJune 17th 2021

    Only a safe and secure Windows server enables you to work comfortably.

    So, after completing the Windows installation, we encourage you to follow certain security measures.

    This article explains 8 different ways of how to secure your Windows server after the first installation.

    Authenticate with SSH Keys

    To secure the Windows server after the first installation, instead of using a traditional login, authenticate with SSH keys.

    SSH keys are made of more bits than passwords. So, they’re a tough nut to crack even by the latest computers. 

    The SSH key pair consists of – 1) one Private key, and 2) one Public key.

    Some copies of the public key are shared with the users. With a public key, one can encrypt data. 

    The private key isn’t shared and is kept secure.

    The user needs the private key before they establish a connection with the server.

    Install Nothing but the Required OS Components

    By default, Windows tends to install the entire version of the OS. But it’s suggested that you should do a minimal custom install.

    You can leave all the unnecessary components aside.

    The advantage of such a minimalist installation is that it reduces the attack surface.

    The updates needed for maintenance and patches are reduced also. 

    So, after a fresh install, keep your Windows server secured by reducing OS extras.



    Secure Your Remote Desktop (RDP)

    If you’re on a remote desktop, you must secure your RDP from malicious actors.

    Hackers often try to gain advantages through your remote desktop.

    To prevent their unauthorized access to your Windows OS, change the default RDP.

    Usually, 3389 is your default RDP port. So, transfer the port to anyone from 10000 to 65535 range.

    For the dedicated IP address users, Advanced Windows Firewall Options are recommended. And lock down your remote desktop to that particular IP address only. 

    Create a Restore Point

    After installing the security updates for your Windows OS, you should create a restore point.

    For creating a restore point in Windows, click on the Start button.

    Then, follow these steps: Control Panel -> System and Maintenance -> System.

    Next, select System Protection and press the Create button.

    Once the Restore Point is created, name it “Clean Installation”.

    Then carry on with the installations of drivers and applications.

    If at any time any of the drivers create issues on the system, reach out to the restore point.

    Use Windows BitLocker

    Windows BitLocker is a free encryption tool to keep your PC protected.

    Windows BitLocker secures your Windows OS booting process.

    It restricts unauthorized data mining.

    Even when your Windows server isn’t powered on, BitLocker Drive encryption keeps on working.

    Windows BitLocker is a powerful and efficient anti-hacking tool that gives your system all-around protection against malware hacking. 

    Encrypting the hard drive is specifically needed if you’re using laptops. Because they’re more prone to theft.



    Secure Web Browser without a Fail

    Web browser vulnerabilities are like invitations to cybercriminals.

    Since, your browser is your go-to tool to access the internet, pay close attention to its security.

    For instance, when you’re using Adobe Flash software, you should know its security flaws.

    To be safe while surfing through different web pages,

    • Make sure to use the latest updated browser version.
    • Keep updating your web browser from time to time.
    • Use a private session for browsing a website you’re visiting the first time and are not sure about.
    • Malware spreads by malicious code embedded in the pop-ups. So, block pop-up windows from your web browser.

    Hide Server Information

    To keep your Windows server secure, provide as little information as possible about the built-in infrastructure.

    The less information is known, the better.

    Also, hide the version numbers of all the software programs you’ve installed. Because often these version numbers reveal the release dates that can aid hackers.

    Want to remove this information? Simply delete it from the HTTP header. That’s how you can hide your Windows server information from cyber attackers.

    Manage Users

    Each server has one root user that has the power to execute any command.

    If the root falls into the wrong hands, it can be very hazardous for your server.

    Hackers try to crack the password of the root user for it’s the most powerful.

    In order to save your server from all the potential threats, completely disable this user.

    Also, create a safe limited user account. This user can perform admin tasks with Sudo privileges

    Summary

    After reading all the security recommendations, hope, you’re more confident about how to secure your Windows server after a fresh install.

    The security measures are needed to be enabled during the initial setup and during the maintenance over time.

    So, don’t forget to follow scheduled security checks.

    )