Templates
Quality Assurance
Server Security Checklist

Server Security Checklist

Run this checklist when deploying a new server or doing a security audit on your existing servers.
1
Introduction:
2
Server identification:
3
Record basic details
4
Physical security:
5
Ensure the server location is secure
6
Patching and server maintenance:
7
Update service packs and patches
8
Event logs:
9
Check event log monitoring is properly configured
10
Evaluate event log monitoring process
11
Check remote access logs
12
Investigate remote access activity
13
System integrity control:
14
Evaluate server configuration control process
15
Revise server configuration control process
16
Limit changes to start-up processes
17
Remove unused software and services
18
Anti-virus and anti-malware:
19
Run a full system anti-virus scan
20
Configure server firewall
21
Authentication and access controls:
22
Enforce strong authentication for all admins
23
Send a reminder to activate strong authentication
24
Remove inactive user accounts
25
Review administrator access
26
Backups and restore points:
27
Check server data is being routinely backed up
28
Perform a test recovery from a backup image
29
Review your backup process
30
Risk management:
31
Check for hardware replacement and retirement
32
Sources:
33
Related checklists: