• Adhost Webmail
    • Client Login

Support - Performing a Windows Server 2003 Security Audit

Has your Windows Server 2003 machine been acting up lately? Is resource usage higher than normal? Now is the time to perform a security audit on your server! If you aren't sure where to start you can begin by using the process below:

  1. Audit Users and Groups

    Pay close attention to the user accounts and be sure there are no accounts that you did not specifically add. Also pay close attention to the Administrators group - make sure there are no unauthorized users in this group.

  2. Review Event Viewer

    Look for suspicious events such as: Event log service was stopped, Windows File Protection is not active on this system, The protected system file [file name] was not restored to its original, valid version, The MS Telnet Service has started successfully, etc.. Also look for large numbers of failed logon attempts or locked out accounts.

  3. Audit Scheduled Tasks

    Look for unusual scheduled tasks, especially those that run in the Administrator's group, as SYSTEM, or with a blank user name.

  4. Check for unauthorized shares

    5. Check for unauthorized shares by using the net share command.

  5. Audit Processes and Services

    Look for unusual processes and services by running Task Manager. A great tool for auditing processes currently running is SysInternals Process Explorer. Look for unusual started network services by running services.msc.

  6. Audit programs configured to run on start up

    7. A recommended tool that will display all programs that start when the server does is SysInternals AutoRuns.

  7. Unusual Network Usage

    8. You can use the netstat command to check for unusual network usage or if you prefer a GUI tool check out SysInternals TCPView.

  8. Run a virus scan

    9. This one should be self explanatory.

  9. Check for rootkits

    10. A great tool that will help you discover rootkits on your system is RootkitRevealer by SysInternals.

  10. Vulnerability Scan

    11. Perform a remote vulnerability scan using the tool of your choice. If you are unsure or which tool to use you can start with the Nessus Vulnerability Scanner. If you discover anything out of the ordinary during this process and are unsure of what action to take, please contact the Adhost Support team by e-mailing support@adhost.com.

Adhost Partner Logos
Home   |   Articles   |   Site Map   |   Privacy Policy   |   Terms And Conditions   |   sales@adhost.com
Local Phone: (206) 404-9000 | Toll Free: (888) ADHOST-1 (234-6781)
Fisher Plaza, 140 4th Ave N Suite 360, Seattle, WA 98109
ADHOST © 1996-2010  |  Seattle Colocation  |  About Adhost  |  Newsletter Sign-up  |  Blog  |  Twitter |  Map