All about security – 10 security rules to follow when navigating Microsoft’s server systems

When it comes to data hosting, security is one of the most important challenges for businesses to overcome. The administrators who manage the server infrastructure, whether in-house or at a service provider, need to familiarise themselves with the most up-to-date security mechanisms and continuously develop their skills and knowledge in this area.

Together with our partner Microsoft, we have put together a guide to the ten most important security tips to follow when using a Microsoft Server, giving IT administrators and developers practical tips and guidelines for securing their servers. In this blog post we give a brief overview of each of these security rules – as well as links to further information and materials for a more in-depth look at this topic.

Windows Server Security Rule 1: Increase Authentication Security

Authentication is an essential and critical point in the protection of IT systems, yet it is often given low priority. Rule 1 therefore focuses on password security and setting up a temporary login lockout, and gives advice on creating a strong and complex password.

Windows Server Security Rule 2: Protect your data through encryption

Protecting the data on your server through encryption is an essential part of the security process. We talk you through the various data types and outline a step-by-step guide for optimal encryption for each data type in rule number 2.

Windows Server Security Rule 3: Patch Management is mandatory!

Need help with patch management? We show you how to become a patch professional with this list of ten best practice examples. Rule 3 covers some basic security best practices that will help increase the overall security of your system.

Windows Server Security Rule 4: Attack Surface Reduction (ASR)

As part of rule 4, our experts provide tips on attack surface reduction, including helpful step-by-step instructions for protecting your systems.

Windows Server Security Rule 5: Use Exploit Mitigation Technologies

“Exploit Mitigation” technologies help prevent exploit attacks from succeeding on your system. With best practices and detailed tutorials in rule 5, we show you how to use Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to your advantage.

Windows Server Security Rule 6: Install Anti-Virus / Anti-Malware software

Is your server protected with Anti-Virus / Anti-Malware software? In rule 6 we explain why it is important to have this installed and to ensure that it is regularly updated.

Windows Server Security Rule 7: Apply the Principle of Least Privilege

Do you know the principle of minimum rights allocation? In rule 7 we talk you through the process of minimum rights allocation, and show you how to secure your server by means of a graduated rights system.

Windows Server Security Rule 8: Harden your application

Improve the safety of your applications by testing them for security risks. In rule number 8 we explain what you can do to keep potential risks as low as possible.

Windows Server Security Rule 9: Detection and Notifications

Prevention is better than aftercare – you should ensure that security risks for your system are already in check before it is too late. Our security rule number 9 shows you how to always be on the safe side.

Windows Server Security Rule 10: Use Common Sense – Security Awareness

Technical tools are only part of the solution when it comes to security. Making sure your employees understand the risks, are familiar with securing data and are sensitized to the importance of this topic matters just as much. We go through this in further detail in the last part of the series, rule number 10.

For more information, please visit our 1&1 Cloud Community, where our server experts will be happy to help you with questions about these rules, as well as various other topics that are helpful to SMBs.

1 comment


  1. February 13, 2017 at 1:59 pm | by hugh gallagher

    Dear Sir/Madam.

    I have been charged for using the Website Builder Plus service but have NOT used it. As far as I was aware I did not sign up to use the service, and certainly was in no way aware of any recurring bill I agreed to in any of my use of the 1and1 control panel. The telephonist has stopped the recurring payments but gave me this email to pursue a refund as I have not used the service (if you have logs you should see that). I was billed for a number of months against my will and knowledge. Can you please refund the charges made to my account for the Website Builder Plus Service?