Log off - Always log off a server when you’re not actively using it. A session left logged on while you’re away is essentially an open portal into your server. Although staying logged in can save time, it’s not worth the security risk.
Use strong passwords - Strong passwords are important for securing any online account, but they are especially important when it comes to your server. Make sure your Windows OS server has a six- to eight-character password with a good mix of letters and numbers. Run a password recovery system to look for bad passwords.
Locate your server in a locked room - If your company has a large number of employees, make sure you have a secure physical location for your server – preferably a locked room. Give keys only to IT professionals who will be working directly with the device.
Turn off extras - Remove or turn off all unnecessary and unused programs or services on your server, including FTP, Simple TCP/IP Services and unneeded network protocols. Consider dedicating each server to a single purpose – such as a database or e-mail server – and removing all software associated with other functions from that server.
Set up a firewall - A firewall puts a roadblock between the outside world and you and your company’s employees. Firewalls can be hardware- or software-based and will help protect your Windows server from attacks.
Dual authentication - If one authentication method is good, two are even better. Make sure your administrators have at least two authentication methods, including a username/password combo and biometric data or a smart card.
Update software ASAP - When updates become available, install them as soon as you can. Microsoft develops updates to close security loopholes and glitches that could put your Windows OS server at risk, and waiting to install them can open the door for hackers and spammers. Additionally, some updates and patches are triggered by malware, and software designers rush to fix the problem – but delaying your own patch can be incredibly damaging.
Add security software - It may seem counterintuitive after the “turn off extras” tip, but the one type of software you should be running on all your Windows servers is software to detect and remove malware and spyware. This can include anti-spyware filters and scanners, plus prevention software to guard against attacks and maintain system file integrity.
Quarantine incoming material - If your Windows OS server is used for e-mail, make sure it is set up to partition incoming and uploaded files and run them through anti-virus software before they are fully transmitted. Another option is to disallow file uploads to your server.
Stay on top of security - After putting many of these security measures in place, some IT professionals may move on to other projects thinking their security job is complete. This is a huge mistake – there are professional hackers out there working hard day in and day out to steal your information and infect your servers, so staying on top of your security measures is key. Have a member of your IT department review logs, regularly search for updates and patches, research news about recent attacks, and maintain your Windows servers.
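
The “Turn off extras” tip as an audit you can run from an elevated PowerShell session. This is an added example, not part of the original article. It reports on the two services the tip names, lists listening TCP ports outside an expected set, and previews the disable step without changing anything. The $expectedPorts values are a constructed assumption for a database server managed over RDP; edit them for your server’s role.

```powershell
# Added example (not from the original article): audit for "Turn off extras".
# Reports only; step 3 uses -WhatIf, so nothing on the server is changed.

# Services named in the tip:
#   FTPSVC  = Microsoft FTP Service (IIS)
#   simptcp = Simple TCP/IP Services
$namedInTip = 'FTPSVC', 'simptcp'

# Assumption: ports this single-purpose server is expected to expose.
# Constructed sample (SQL Server + RDP); replace with your own list.
$expectedPorts = 1433, 3389

# 1. Are the services the tip calls out installed, and are they running?
$found = Get-Service -Name $namedInTip -ErrorAction SilentlyContinue
if ($found) {
    $found | Select-Object Name, DisplayName, Status, StartType |
        Format-Table -AutoSize
} else {
    Write-Output 'Neither FTPSVC nor simptcp is installed.'
}

# 2. Which processes listen on non-loopback ports outside the expected set?
#    Core Windows listeners (for example RPC on 135, SMB on 445) will show up
#    here too; decide for each one whether this server's role needs it.
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -notin $expectedPorts -and
                   $_.LocalAddress -notin '127.0.0.1', '::1' } |
    Sort-Object LocalPort -Unique |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port    = $_.LocalPort
            Address = $_.LocalAddress
            PID     = $_.OwningProcess
            Process = $proc.ProcessName
        }
    } | Format-Table -AutoSize

# 3. Preview the "turn off" step for the named services. Remove -WhatIf only
#    after confirming nothing on this server depends on them.
foreach ($svc in $found) {
    Stop-Service -Name $svc.Name -WhatIf
    Set-Service  -Name $svc.Name -StartupType Disabled -WhatIf
}
```

Rerun the audit after each change and after installing new software, and keep the output with your other review logs so that new listeners stand out.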