Solved

Top 10 critical checks for Windows servers

Posted on 2013-01-17
Last Modified: 2013-02-01
We have got to audit a number of virtual Windows 2008 file/database servers for critical controls, albeit not just specific to security (although they will undoubtedly be up there in the top 15). By audit this is more a risk assessment/health check, not audit who can access what in the traditional sense of the word.

I was trying to identify probably a top 10-15 critical controls list for the servers so we can do as much as possible in the time available. Patching, weak password identification etc are 2 obvious security ones, but I don’t want to purely focus on security settings.

The objective is to ensure the servers have optimum availability, security/confidentiality, integrity, alignment with vital controls and best practice. What would your top 15 checks be in your expert opinion, i.e. which are the most important/vital. I would rather some feedback rather than being pointed to a guide.
0
Question by:pma111
9 Comments
 
LVL 121

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 167 total points
ID: 38786641
Security Patches and User Account Policies should be in your top 10.

But also what Group and Local Policies are in effect.

Also what applications are installed, and what shares if any are enabled

Remote Access to what and who?

Firewall Enabled and Rules

How many NICs enabled and to which LANs
0
 
LVL 3

Author Comment

by:pma111
ID: 38786662
Any top 5 controls outside of security per server?
0
 
LVL 121
ID: 38786689
How does your server baseline match against your build document?
0
 
LVL 3

Author Comment

by:pma111
ID: 38786693
I was more leaning towards controls such as backup/restore, performance management etc etc...
0
 
LVL 23

Assisted Solution

by:Ayman Bakr
Ayman Bakr earned 167 total points
ID: 38786783
I kind of agree that security controls should be in the top 10; apart from what was mentioned by hanccocka also the following should not be forgotten:
-> Guest accounts, anonymous accounts should be disabled.
-> Firewall enabled and only necessary ports opened.

However, to answer your question on performance, you should be looking at:
-> CPU utilization should usually not exceed 80 - 90 % / event alerts should be set at this threshold.

-> Memory Utilization also should usually have threshold alerts at utilizations closing 80 to 90 %

-> Disk Queue Length should usually not exceed 2.

-> Network/Bandwidth utilization

On the backup/restore side of the picture, it should really depend on your strategy. Some do a daily incremental backup and a once a week full backup. However your concern should be a checklist of:
-> where should your backup be stored
-> Testing the backup and restoration periodically
-> Having several copies of a backup
-> Off-site location for a backup
-> Quarterly/Yearly backup
0
 
LVL 20

Assisted Solution

by:wolfcamel
wolfcamel earned 166 total points
ID: 38786841
Do you have monitoring and alerting - will you get an email if CPU utilization goes high, or if available disk space drops below 5%?
Are all autostarting services started?
Event logs monitored?
Are all device drivers up to date?
Are UPS devices checked to see what their battery life is?
Do you get alerts if the server reboots? Or if software is added/removed?
0
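
Added example (not posted by any participant in this thread): a read-only PowerShell check covering the measurable items from the two answers above, namely CPU, memory, disk queue length, free disk space, auto-start services, the Guest account and the firewall state. It assumes PowerShell 2.0 or later, English counter names and English `netsh` output, and takes 90% as the CPU/memory limit from the 80-90% range quoted above.

```powershell
# Added example: read-only health check. Thresholds come from the answers above;
# counter names and netsh output are assumed to be English.
$cpuMax = 90; $memMax = 90; $queueMax = 2; $diskFreeMin = 5   # percent, except queue
$findings = @()

# CPU and disk queue length, averaged over five one-second samples
$paths = '\Processor(_Total)\% Processor Time',
         '\PhysicalDisk(_Total)\Avg. Disk Queue Length'
$samples = Get-Counter -Counter $paths -SampleInterval 1 -MaxSamples 5 |
    ForEach-Object { $_.CounterSamples }
$cpu = ($samples | Where-Object { $_.Path -like '*% processor time' } |
    Measure-Object -Property CookedValue -Average).Average
$queue = ($samples | Where-Object { $_.Path -like '*avg. disk queue length' } |
    Measure-Object -Property CookedValue -Average).Average
if ($cpu -gt $cpuMax) { $findings += ('CPU utilization {0:N1}%' -f $cpu) }
if ($queue -gt $queueMax) { $findings += ('Disk queue length {0:N2}' -f $queue) }

# Physical memory in use (both WMI values are in KB)
$os = Get-WmiObject -Class Win32_OperatingSystem
$mem = 100 * (1 - $os.FreePhysicalMemory / $os.TotalVisibleMemorySize)
if ($mem -gt $memMax) { $findings += ('Memory utilization {0:N1}%' -f $mem) }

# Free space on fixed disks
$disks = @(Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType=3')
foreach ($d in $disks) {
    if ($d.Size -gt 0) {
        $free = 100 * $d.FreeSpace / $d.Size
        if ($free -lt $diskFreeMin) { $findings += ("Disk $($d.DeviceID) free {0:N1}%" -f $free) }
    }
}

# Auto-start services that are not running (some trigger-start services stop by design)
$stopped = @(Get-WmiObject -Class Win32_Service -Filter "StartMode='Auto' AND State<>'Running'")
foreach ($s in $stopped) { $findings += "Auto-start service not running: $($s.Name)" }

# Built-in Guest account (RID 501) should be disabled
$guest = Get-WmiObject -Class Win32_UserAccount -Filter 'LocalAccount=True' |
    Where-Object { $_.SID -like '*-501' }
if ($guest -and -not $guest.Disabled) { $findings += 'Guest account is enabled' }

# Windows Firewall state per profile
$fw = netsh advfirewall show allprofiles state
if ($fw -match '^State\s+OFF') { $findings += 'Firewall is OFF for at least one profile' }

if ($findings.Count -eq 0) { 'No findings' } else { $findings }
```

A five-second sample only shows the moment of the audit; the thresholds are meant for ongoing alerting, so a single clean run does not replace monitoring.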
 
LVL 3

Author Comment

by:pma111
ID: 38787160
So grouping these answers

1) security
2) performance management
3) backup/restore

Any more? I was hoping for quite a comprehensive list of areas to cover
0
 
LVL 20

Expert Comment

by:wolfcamel
ID: 38787249
It is both comprehensive and simple..
measure everything and get alerts / monitoring when those measurements don't meet the criteria you have set.
Monitor all relevant changes - such as security, updates, firewall attacks.
Backup your data and your configuration.
Test your backups and restore.
Ensure you have things well documented so you can restore or fix things if they break.
0
 
LVL 23

Expert Comment

by:Ayman Bakr
ID: 38788826
Add one more category for the group - maintenance tasks:
-> how often should servers be restarted
-> when should they be updated/upgraded (software installed, OS)
-> periodic system and software patch release updates
-> periodic check on the event logs and reactive (later proactive) troubleshooting and maintaining
0
