As a security best practice, verify the security configuration of your Infrastructure as a Service (IaaS) host server machines.

Microsoft supplies several tools to help you verify security on host server machines. Contact your Microsoft vendor for guidance on the most appropriate use of these tools.

Verify Host Server Secure Baseline

Run the Microsoft Baseline Security Analyzer (MBSA) to quickly confirm that your server has the latest updates or hot fixes. You can use the MBSA to install missing security patches from Microsoft to keep your server up-to-date with Microsoft security recommendations.

Download the latest version of the MBSA tool from the Microsoft website.

Verify Host Server Security Configuration

Use the Windows Security Configuration Wizard (SCW) and the Microsoft Security Compliance Manager (SCM) toolkit to verify that the host server is securely configured.

Run the SCW from the administrative tools from your Windows server. This tool can identify the roles of your server and the installed features including networking, Windows firewalls, and registry settings. Compare the report with the latest hardening guidance from the relevant SCM for your Windows server. Based on the results, you can fine tune security settings for each feature such as network services, account settings, and Windows firewalls, and apply the settings to your server.

You can find more information about the SCW tool on the Microsoft Technet Web site.