The Security Checklist That Addresses 95% of Real-World Threats
Cloud server security incidents affecting Indian SMEs are not caused by nation-state attacks or zero-day exploits. They are caused by a predictable set of misconfigurations and omissions that affect thousands of servers simultaneously through automated scanning. This checklist addresses every control that eliminates or severely reduces the most common threat categories.
On M A Global Network's managed hosting, every item on this checklist is implemented and maintained by our technical team as part of the managed service. This guide serves both as a verification checklist for current customers and as an evaluation framework for businesses assessing any hosting provider.
Network Layer Controls
✓ RDP restricted to authorised IPs only — IP-whitelisting at firewall level, not Windows Firewall
✓ All other inbound ports blocked — minimum exposure; only required services accessible
✓ Outbound restrictions where applicable — limit outbound connections to required services
✓ DDoS protection active — hardware-level protection at data centre
✓ Connection attempts logged — audit trail for unauthorised access attempts
IP-whitelisting is the single most impactful network control. An internet-facing Windows Server without IP restriction on RDP receives thousands of brute-force attempts daily from automated tools that cycle through password lists. With whitelisting in place, connection attempts from unknown sources are dropped at the firewall, so none of them reach the RDP service.
Authentication Controls
| Control | Recommended Setting | Why It Matters |
|---|---|---|
| Password complexity | Minimum 12 characters, mixed case + numbers + symbols | Brute-force resistance — longer is exponentially harder |
| Account lockout threshold | 5 failed attempts → 30-minute lockout | Prevents automated password guessing |
| Account lockout reset time | 30–60 minutes | Limits sustained attack attempts |
| Administrator account renamed | Rename "Administrator" to a non-obvious username | Automated attacks target "Administrator" by default |
| Default guest account | Disabled | No anonymous access pathways |
| Network Level Authentication (NLA) | Enabled — required for all RDP connections | Authentication before session establishment — blocks certain attack types |
| Two-factor authentication | Recommended for accounts with admin access | Credential theft alone is insufficient to gain access |
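One way to verify the settings in the table above on a server you administer, as an added example (not M A Global Network's own tooling): the script exports the local security policy with secedit and reads the RDP listener's NLA flag. Test-Control is a helper name made up for this example, and two-factor authentication is not checked because it depends on the product in use.

```powershell
# Added example: read-only audit of the authentication controls listed in the table.
# Run from an elevated PowerShell session on the server being checked.

# Export the local security policy to an INF file and load its "key = value" lines.
$cfg = Join-Path $env:TEMP 'secpol-audit.inf'
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
$policy = @{}
foreach ($line in Get-Content $cfg) {
    if ($line -match '^\s*(\w+)\s*=\s*(.+)$') {
        $policy[$Matches[1]] = $Matches[2].Trim().Trim('"')
    }
}
Remove-Item $cfg

# Network Level Authentication: 1 = authentication required before a session is created.
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$nla = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication

$minLen    = [int]$policy['MinimumPasswordLength']
$complex   = [int]$policy['PasswordComplexity']    # 1 = Windows complexity rule enabled
$lockout   = [int]$policy['LockoutBadCount']       # 0 = lockout disabled
$duration  = [int]$policy['LockoutDuration']       # minutes
$reset     = [int]$policy['ResetLockoutCount']     # minutes
$adminName = $policy['NewAdministratorName']
$guestOn   = [int]$policy['EnableGuestAccount']

# Hypothetical helper: one result row per control.
function Test-Control($Control, $Actual, [bool]$Pass) {
    [pscustomobject]@{ Control = $Control; Actual = $Actual; Pass = $Pass }
}

$results = @(
    Test-Control 'Minimum password length >= 12'   $minLen    ($minLen -ge 12)
    Test-Control 'Password complexity enabled'     $complex   ($complex -eq 1)
    Test-Control 'Lockout threshold 1-5 attempts'  $lockout   ($lockout -ge 1 -and $lockout -le 5)
    Test-Control 'Lockout duration >= 30 minutes'  $duration  ($duration -ge 30)
    Test-Control 'Lockout reset 30-60 minutes'     $reset     ($reset -ge 30 -and $reset -le 60)
    Test-Control 'Built-in Administrator renamed'  $adminName ($adminName -ne 'Administrator')
    Test-Control 'Guest account disabled'          $guestOn   ($guestOn -eq 0)
    Test-Control 'NLA required for RDP'            $nla       ($nla -eq 1)
)
$results | Format-Table -AutoSize
```

Any row with Pass = False is a setting that differs from the recommended value in the table and should be raised with whoever manages the server.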
OS and Software Patching
| Patch Category | Frequency | Managed by M A Global Network |
|---|---|---|
| Windows Security Updates | Monthly (Patch Tuesday + emergency patches) | ✓ Scheduled, managed |
| Windows cumulative updates | Monthly | ✓ Included |
| Tally / Busy application updates | When available from vendor | ✓ Coordinated with client |
| Antivirus definitions | Daily automatic update | ✓ Included |
EternalBlue (the exploit behind WannaCry ransomware) targeted a Windows vulnerability that Microsoft patched two months before the global outbreak. Organisations that applied patches on schedule were protected. Organisations that deferred patching for "stability" were not. Patch management is not optional — it is the primary defence against the most common ransomware vectors.
Backup Controls
| Backup Control | Requirement | M A Global Network Standard |
|---|---|---|
| Backup frequency | Daily minimum | Daily automated |
| Storage location | Off-site — physically separate from primary server | Geographically separate storage |
| Retention period | 7 days minimum | 7-day retention |
| Backup completion monitoring | Alerts on failure — not just scheduled | Monitored — failures alert team |
| Restoration testing | Quarterly test restoration | Periodic testing included |
| Backup encryption | Encrypted at rest and in transit | Encrypted |
Monitoring and Audit
- Windows event logs enabled and retained — failed logins, privilege escalations, and account changes logged for post-incident investigation
- Failed login alerts — unusual patterns of failed authentication trigger investigation
- Server uptime monitoring — automated alerts when server is unreachable
- Storage utilisation monitoring — alerts before storage fills and causes service disruption
- Backup job completion monitoring — failures trigger immediate investigation
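An added example (not part of the provider's service) of the failed-login check described in this list and in the network section: it groups Windows failed-logon events (ID 4625) by source address and reports addresses that are outside the RDP allowlist or at or above the lockout threshold. Get-FailedLogonSummary is a name chosen for this example, and the addresses passed to it are constructed documentation addresses to be replaced with your own allowlist.

```powershell
# Added example: summarise failed logons from the Security log by source address.
# Requires an elevated session (reading the Security log needs administrator rights).
function Get-FailedLogonSummary {
    param(
        [string[]]$AllowedSources,   # addresses permitted by the RDP firewall rule
        [int]$Hours = 24,            # look-back window
        [int]$Threshold = 5          # same value as the account lockout threshold
    )
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    # Pull the named fields out of each event's XML payload.
    $failures = foreach ($e in $events) {
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{ User = $data['TargetUserName']; Source = $data['IpAddress'] }
    }

    # One row per source; keep sources that are off the allowlist or over the threshold.
    $failures | Where-Object { $_ } | Group-Object Source | ForEach-Object {
        [pscustomobject]@{
            Source      = $_.Name
            Failures    = $_.Count
            Accounts    = ($_.Group.User | Sort-Object -Unique) -join ', '
            OnAllowlist = ($_.Name -in $AllowedSources)
        }
    } | Where-Object { -not $_.OnAllowlist -or $_.Failures -ge $Threshold } |
        Sort-Object Failures -Descending
}

# Constructed allowlist (documentation address range); substitute the real one.
Get-FailedLogonSummary -AllowedSources '203.0.113.10', '203.0.113.11' | Format-Table -AutoSize
```

A row with OnAllowlist = False means a failed logon arrived from an address the firewall rule should have blocked, so the rule itself needs checking. A row with OnAllowlist = True at or above the threshold points to password guessing or a misconfigured client at a trusted address.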
User Access Controls
- Principle of least privilege: Each user account has only the Windows permissions needed for their role — no unnecessary administrator access
- Separate accounts per user: No shared Windows accounts — individual accounts provide individual accountability and easy revocation
- Immediate account deactivation: When a staff member leaves, their Windows account is disabled the same day — they cannot connect after departure
- Tally user-level security: Tally's built-in access control restricts which companies, voucher types, and reports each user can access — configured within Tally independently of Windows access
Frequently Asked Questions
Yes. Windows Defender is included in Windows Server 2022 and configured on all M A Global Network hosted servers. For environments with specific antivirus requirements (compliance, corporate policy), third-party antivirus can be installed. The IP-whitelisting firewall significantly reduces the attack surface through which malware typically enters, but antivirus provides an additional layer of protection against threats introduced via email attachments or file uploads within legitimate RDP sessions.
When you notify M A Global Network's support team that a staff member has left, their Windows user account on the server is immediately disabled — they can no longer connect via RDP. This is a same-day action on a support request. Additionally, if the departing staff member knew the Tally company password, you should change it within Tally's security settings as well. We can guide you through both steps simultaneously.
Every Item on This Checklist — Managed for You
₹700/user/month + 18% GST. Contracted yearly. 7-day risk-free guarantee