Support - Performing a Windows Server 2003 Security Audit
Has your Windows Server 2003 machine been acting up lately? Is resource usage higher than normal? Now is the time to perform a security audit on your server! If you aren't sure where to start, you can begin by using the process below:
- Audit Users and Groups
Pay close attention to the user accounts and be sure there are no accounts that you did not specifically add. Also pay close attention to the Administrators group - make sure there are no unauthorized users in this group.
- Review Event Viewer
Look for suspicious events such as: "Event log service was stopped", "Windows File Protection is not active on this system", "The protected system file [file name] was not restored to its original, valid version", "The MS Telnet Service has started successfully", etc. Also look for large numbers of failed logon attempts or locked-out accounts.
- Audit Scheduled Tasks
Look for unusual scheduled tasks, especially those that run under an account in the Administrators group, as SYSTEM, or with a blank user name.
- Check for unauthorized shares
Check for unauthorized shares by using the net share command.
- Audit Processes and Services
Look for unusual processes and services by running Task Manager. A great tool for auditing processes currently running is SysInternals Process Explorer. Look for unusual started network services by running services.msc.
- Audit programs configured to run on start up
A recommended tool that will display all programs that start when the server does is SysInternals AutoRuns.
- Unusual Network Usage
You can use the netstat command to check for unusual network usage or, if you prefer a GUI tool, check out SysInternals TCPView.
- Run a virus scan
This one should be self-explanatory.
- Check for rootkits
A great tool that will help you discover rootkits on your system is RootkitRevealer by SysInternals.
- Vulnerability Scan
Perform a remote vulnerability scan using the tool of your choice. If you are unsure of which tool to use, you can start with the Nessus Vulnerability Scanner.
If you discover anything out of the ordinary during this process and are unsure of what action to take, please contact the Adhost Support team by e-mailing support@adhost.com.
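The command-line checks in this list (users and groups, scheduled tasks, shares, started services, network listeners) can be captured to files and compared against a known-good copy on each audit. The batch script below is an added example, not part of the original procedure; the C:\audit paths and the English field names passed to findstr are assumptions.

```batch
@echo off
rem Added example: snapshot the command-line checks from the audit list and
rem compare them with a baseline taken when the server was known to be clean.
rem BASE and OUT are assumed paths; change them to suit the server.
setlocal
set BASE=C:\audit\baseline
set OUT=C:\audit\current
if not exist "%OUT%" mkdir "%OUT%"

rem Users and members of the Administrators group
net user > "%OUT%\users.txt"
net localgroup Administrators > "%OUT%\admins.txt"

rem Scheduled tasks: keep only name, command and run-as account so that
rem changing "Next Run Time" values do not show up as differences.
rem The field names assume an English-language system.
schtasks /query /fo LIST /v | findstr /b /c:"TaskName:" /c:"Task To Run:" /c:"Run As User:" > "%OUT%\tasks.txt"

rem Shares and started services
net share > "%OUT%\shares.txt"
net start > "%OUT%\services.txt"

rem Listening TCP ports, without PIDs so the output stays comparable
netstat -an | find "LISTENING" > "%OUT%\listening.txt"

rem First run: store the snapshot as the baseline and stop
if not exist "%BASE%" (
    mkdir "%BASE%"
    copy "%OUT%\*.txt" "%BASE%" > nul
    echo Baseline saved to %BASE%. Review each file by hand before relying on it.
    goto :eof
)

rem Later runs: report every file that differs from the baseline
for %%F in ("%OUT%\*.txt") do (
    fc "%BASE%\%%~nxF" "%%F" > nul
    if errorlevel 1 (
        echo CHANGED: %%~nxF
        fc /n "%BASE%\%%~nxF" "%%F"
    )
)
endlocal
```

The running process list is left out of the comparison because process IDs change on every boot; review it interactively with Task Manager or Process Explorer as described above.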










