Just a quick one really.

In the process of securing a win2k Server (done all the usual,

1. Install SP4 with post sp4 hotfixes.
2. Turned off messenger service etc.
3. Rename guest accounts etc.
4. Remove the demo/default files from the www diretories.
5. Remove all none essential shares.
6. Remove guest/everyone rights from all folders.
7. Set event viewer to reord all logons etc.
8. Disable anonymous logon/account enumeration, telnet etc
9. Removed file and print sharing.
10. Remove all non usefull protocols/clients.
11. 14 character, non dictionary password


Any more advice on how to secure this even more ? The server will also (when I install it be running PHP/MySQL.

I think the above will make it relatively secure but always looking for more security. Also is there any way to restrict what port numbers connections are accepted on ? I seem to remember one on Nt4 I think where you could restrict port.

Cheers

Stu

IPSec and RRAS Simple Firewall.

Change the Administrator login name as well...

Download and run Microsoft Base Line Security Analyzer. That will help you to secure the server further. Also, you can run some tests from sites like GFI or SyGate which allow you to probe your server for maximum port blocking and fix them.

Installing a firewall will certainly secure the server further.

also install a good firewall on server and closed all unwanted ports.

:) Its one thing saying close all unwanted ports, and another about which services to disable..

kkj, got a list of ports/services to close?

If you have an install that you have physical access to, start it up in "Safe Mode with Networking."

Run only the same services, and re-enable anything that you need (like IIS, etc.).

In reality, you can disable almost everything.