Security studies (including GoGrid’s internal research) strongly demonstrate that most systems will be attacked within 5 hours after becoming publicly accessible—in some cases, in less than 2 hours. The sources of the attacks are often unsuspecting users whose systems have been compromised by malware and are in turn being used to attack and infect other systems. The majority of attacks target two common threats:
- A combination of commonly used system accounts (e.g., the Administrator account) with weak, dictionary-based passwords
- Systems that are missing critical or high-severity security updates, leaving known vulnerabilities exposed
This document provides GoGrid’s security recommendations for Cloud Servers running Microsoft Windows. Perform these 5 steps in sequential order immediately after provisioning new GoGrid Cloud Servers to maintain the integrity and security of your system.
Note: For a step-by-step how-to with screenshots, please see the companion article, “How To Tighten Up Windows Security.”
Step 1: Patch your system
Attackers will typically scan your system for vulnerabilities within 2 hours of it becoming publicly accessible. Often, the attackers search for unpatched network services that can be exploited remotely. To ensure system security, GoGrid recommends that you:
- Apply all applicable critical or high-security updates immediately after your first successful login.
- Disable all unnecessary network services.
- Review security updates weekly.
Step 2: Rename the administrator account
Attackers will typically perform a dictionary attack against a system within 2 hours of becoming publicly accessible, often targeting the administrator account. To reduce this threat, GoGrid recommends that you:
- Rename the administrator account to a non-dictionary name such as “4rfv%TGB”.
- Don’t allow anonymous enumeration of Security Account Manager (SAM) accounts and shares.
Step 3: Change your Windows default administrator account password
As part of provisioning new Cloud Servers, GoGrid provides its customers with auto-generated strong passwords for the administrator account. The password is temporary and should be changed immediately after patching your system. To ensure your password is strong, GoGrid recommends that you:
- Create a password that contains at least 12 characters.
- Make the password meet complexity requirements to reduce the threat of an attacker guessing it: use a combination of numbers, upper- and lowercase letters, and non-alphabetic symbols such as @, #, and %.
- Don’t share the new password with anyone outside your organization, including GoGrid personnel.
Step 4: Install anti-virus (AV) software
Effective use of AV software can help reduce common malware infections and in some cases, zero-day threats. To reduce such threats, GoGrid recommends that you:
- Deploy AV software that uses heuristic techniques to identify new malware or variants of existing ones.
- Consider running your AV software in real-time protection mode (automatic protection) on files with extensions commonly used by malware authors, such as .exe, .dll, .sys, .scr, .drv, .ocx, and .pdf, and on any archived or compressed file type.
- Perform full scans at least weekly.
- Update your AV definitions at least daily.
Step 5: Limit web browsing to only trusted sites
A current security threat report from a leading security firm states that, “85% of malware, including viruses, worms, spyware…comes from infected websites with drive-by downloads marked as the top threat.” To minimize risk, GoGrid recommends that you:
- Avoid web browsing from any of your cloud systems unless it is an emergency.
- Employ the highest security browser setting in the event web browsing is required.
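The following PowerShell script is an added example of how the five steps above can be applied and verified on a freshly provisioned server; it is not GoGrid’s code or part of the original article. It assumes Windows Server 2016 or later with Windows PowerShell 5.1, Windows Defender, and the Microsoft.PowerShell.LocalAccounts module, and that it is run from an elevated prompt. The new administrator name is a placeholder to replace with your own non-dictionary name; the registry values and cmdlets used are the standard ones for restricting anonymous SAM enumeration, Defender preferences, and IE Enhanced Security Configuration.

```powershell
#Requires -RunAsAdministrator
# Added example (not GoGrid's code): applies the five recommendations on
# Windows Server 2016+ with PowerShell 5.1, Windows Defender and the
# Microsoft.PowerShell.LocalAccounts module. Replace the placeholder name first.
param(
    [string]$NewAdminName = 'Srv-Ops-4rfv'   # placeholder; choose your own non-dictionary name
)
$ErrorActionPreference = 'Stop'

# Step 1: show what is listening (disable what you do not need) and list pending
# critical/important updates via the Windows Update Agent COM API.
Write-Host '== Listening TCP ports =='
Get-NetTCPConnection -State Listen |
    Select-Object LocalAddress, LocalPort,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess).ProcessName } } |
    Sort-Object LocalPort | Format-Table -AutoSize

$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$pending  = $searcher.Search("IsInstalled=0 and Type='Software'").Updates |
    Where-Object { $_.MsrcSeverity -in 'Critical', 'Important' }
Write-Host "== $($pending.Count) critical/important update(s) pending =="
$pending | ForEach-Object { "  [$($_.MsrcSeverity)] $($_.Title)" }

# Step 2: rename the built-in administrator (always RID 500, whatever its current
# name) and block anonymous enumeration of SAM accounts and shares.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like '*-500' }
if ($builtin.Name -ne $NewAdminName) {
    Rename-LocalUser -Name $builtin.Name -NewName $NewAdminName
    Write-Host "Renamed '$($builtin.Name)' to '$NewAdminName'"
}
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
Set-ItemProperty -Path $lsa -Name RestrictAnonymous    -Value 1 -Type DWord
Set-ItemProperty -Path $lsa -Name RestrictAnonymousSAM -Value 1 -Type DWord

# Step 3: enforce a 12-character minimum and complexity in local policy, then
# replace the temporary provisioning password.
net accounts /minpwlen:12 | Out-Null
$cfg = Join-Path $env:TEMP 'secpol.inf'
$db  = Join-Path $env:TEMP 'secpol.sdb'
secedit /export /cfg $cfg | Out-Null
(Get-Content $cfg) -replace 'PasswordComplexity = 0', 'PasswordComplexity = 1' | Set-Content $cfg
secedit /configure /db $db /cfg $cfg /areas SECURITYPOLICY | Out-Null
Remove-Item $cfg, $db -ErrorAction SilentlyContinue

do {
    $pw = Read-Host -AsSecureString "New password for $NewAdminName (12+ chars, mixed classes)"
    if ($pw.Length -lt 12) { Write-Warning 'Too short; try again.' }
} until ($pw.Length -ge 12)
Set-LocalUser -Name $NewAdminName -Password $pw   # complexity is enforced by the policy set above

# Step 4: real-time protection with cloud heuristics, signature checks every
# 8 hours, and a weekly full scan; then verify the Defender state.
Set-MpPreference -DisableRealtimeMonitoring $false -DisableIOAVProtection $false `
    -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples `
    -SignatureUpdateInterval 8 -ScanParameters FullScan `
    -ScanScheduleDay Sunday -ScanScheduleTime 02:00:00
Update-MpSignature
Get-MpComputerStatus |
    Select-Object RealTimeProtectionEnabled, AntivirusSignatureLastUpdated | Format-List

# Step 5: turn IE Enhanced Security Configuration on for administrators (..A7)
# and standard users (..A8) so that only trusted sites render with full privileges.
$ieEsc = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
foreach ($guid in '{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}',
                  '{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}') {
    Set-ItemProperty -Path (Join-Path $ieEsc $guid) -Name IsInstalled -Value 1 -Type DWord
}
Write-Host 'Done. Sign out or reboot for the LSA and IE ESC changes to take full effect.'
```

Run it once from an elevated PowerShell session right after the first login, then re-run the Step 1 and Step 4 sections on a weekly schedule to satisfy the review cadence in the checklist. The built-in administrator is located by its RID (500) rather than by name so the rename is idempotent, and the password prompt checks length locally while the local security policy enforces complexity on the actual change.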
As an ongoing effort to make cloud computing safer and better, GoGrid will be providing several primers on security. Next up: “How To Tighten Up Windows Security.”
Author: Mario Duarte