When we have on-premises environments, server security is major concern. Keeping servers in a secured area alone, cannot be considered as hardening. We must secure our servers from hacking by following security measures.
Password should be complex always.
We should not install / keep any unwanted / non-licensed software’s in the servers.
We should not open unwanted ports.
We must patch the servers in regular intervals. Microsoft releases patches based on the bug and vulnerability reports they receive from the customers. Hence, we must patch the servers in regular intervals.
We must configure our server with proper antivirus / anti-malware solution.
We must provide required privileges to required personnel only.
In recent times, we are hearing a lot about MFA (Multi Factor Authentication). By enabling this MFA, we can secure the server.
Encryption in data and network can secure the server more.
Change management can play a huge role in hardening. If you have the record of the changes whatever you do the server will be recorded in change management.
Below steps will provide some extra security.
Keeping BitLocker.
Disable auto administrative logon to the recovery console.
Welcome to My World 