Security Audit on Windows Servers: Guide
Because cyber attacks against Windows systems are severe these days, security audits have to be performed at regular intervals.
Refer to the steps below when performing a security audit on Windows servers.
9 Steps to Perform a Windows Server Audit
1) Change default server RDP port
2) Change admin password
3) Scan with antivirus (Microsoft Malicious Software Removal Tool and Malwarebytes)
4) Run Windows Update
5) Disable the Guest user if it is enabled, and disable any other suspicious administrator users
6) Check Task Manager over a few days to see whether any suspicious processes are running
7) Restrict RDP access to authorized IPs only (this can be a fixed IP or a VPN IP)
8) Implement 2FA (two-factor authentication) for RDP access.
Any RDP access then requires extra authentication such as SMS, email, or access authorization by a connected mobile app. You can also consider a 2FA system from https://duo.com/.
9) Install the Process Monitor tool. The tool monitors and displays, in real time, all file system activity and processes on a Microsoft Windows operating system.
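
The read-only checks behind steps 1, 4, 5 and 7 can be scripted so each audit produces the same report. The PowerShell below is an added example, not part of the original guide; it assumes a standalone or member server (not a domain controller) with the built-in LocalAccounts and NetSecurity modules, and the helper name Add-Finding, the status labels and the 30-day patch threshold are this example's own choices.

```powershell
# Added example (not from the original guide): read-only audit of steps 1, 4, 5 and 7.
# Run elevated. Add-Finding, the status labels and the 30-day threshold are assumptions.
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding($Check, $Status, $Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Status = $Status; Detail = $Detail })
}

# Step 1: RDP listener port (3389 is the default)
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
Add-Finding 'RDP port' $(if ($port -eq 3389) { 'REVIEW' } else { 'OK' }) "Listening on TCP $port"

# Step 4: age of the most recently installed update
$last = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn | Select-Object -Last 1
$age = if ($last) { ((Get-Date) - $last.InstalledOn).Days } else { $null }
Add-Finding 'Windows Update' $(if ($null -eq $age -or $age -gt 30) { 'REVIEW' } else { 'OK' }) `
    "Last hotfix: $($last.HotFixID), $age days ago"

# Step 5: built-in Guest account (RID 501) and every member of Administrators
# SIDs are used instead of names so the checks work on localized or renamed accounts.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
Add-Finding 'Guest account' $(if ($guest.Enabled) { 'FAIL' } else { 'OK' }) "Enabled: $($guest.Enabled)"
Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object {
    Add-Finding 'Administrators member' 'REVIEW' "$($_.Name) ($($_.ObjectClass), $($_.PrincipalSource))"
}

# Step 7: enabled inbound allow rules on the RDP port and the source addresses they accept
# Only rules that name the port exactly are matched; port ranges and "Any" port rules are not.
$rules = Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains "$port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
foreach ($r in $rules) {
    $remote = ($r | Get-NetFirewallAddressFilter).RemoteAddress
    Add-Finding 'RDP firewall scope' $(if ($remote -contains 'Any') { 'FAIL' } else { 'OK' }) `
        "$($r.DisplayName): $($remote -join ', ')"
}
if (-not $rules) {
    Add-Finding 'RDP firewall scope' 'REVIEW' "No enabled inbound allow rule names TCP $port explicitly"
}

$findings | Format-Table -AutoSize -Wrap
```

Every Administrators member is listed as REVIEW because deciding which accounts are suspicious needs a human comparison against the expected list.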