  1. #1
    Join Date
    Mar 2004
    Location
    Belgium
    Posts
    81

    Securing my server

    Hello everybody,

    Next week I'm about to move my server from home to my colocation facility. It runs Windows 2000 Server, and I have to say, I'm quite concerned about security.

    How can I prevent my server from being hacked?
    I've already disabled services in Windows that aren't needed, and disabled NetBIOS as far as possible.

    I'm running Apache, with PHP and MySQL + Perl. As DNS server software I'm using Microsoft's one included with Windows 2000 Server.

    I've created an IPsec policy to block all incoming traffic except service ports that I need.

    Is there anything I can do to secure my server more? How can I prevent a DoS attack? etc...

  2. #2
    Join Date
    Feb 2003
    Location
    Rialto, CA
    Posts
    2,039
    You can't prevent a (D)DoS attack... and there's nothing that will make your box unhackable.. but so far you're on the right track...

  3. #3
    Greetings:

    MrDredd is correct that you cannot have a hacker proof or DoS proof system on the Internet.

    However, you can take measures to make your system more resistant against hackers and survive light DoS attacks.

    Look at setting up the following:

    * Firewall

    * mod_security from http://www.modsecurity.org/ (since you mentioned you are running Apache)

    * Reviewing the security alerts and tools mentioned on http://www.microsoft.com/technet/security/default.mspx and taking action as appropriate.

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

  4. #4
    Join Date
    Mar 2004
    Location
    Belgium
    Posts
    81
    Any recommendations regarding a good firewall?

  5. #5
    Greetings:

    Visnetic for a software firewall.

    Watchguard for hardware firewalls.

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

  6. #6
    Join Date
    Mar 2004
    Location
    Belgium
    Posts
    81
    Any free alternatives?

  7. #7
    Free and Good are hard to find at the same time, but maybe someone will have some open-source options...

  8. #8
    Greetings:

    Well if you want free and good, then set up a Linux box as a front end running iptables ;-)

    I hear Microsoft Corporation utilizes Linux boxes as part of their site security.

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

  9. #9
    Join Date
    Mar 2004
    Location
    Belgium
    Posts
    81
    Yes I know, I should be using Linux :p
    But I've concluded I don't have enough experience with Linux to put it somewhere remote and administrate it from home.

    I've set up a Linux box here, and I had to go do something with the machine itself WAAAAY too many times because I screwed up something with SSH...

  10. My rule of server deployment.

    1) Use a firewall (hardware should be used unless you are really strapped for cash)

    2) In the firewall, disable everything and add only ports, IP ranges that need to be exposed to the outside.

    3) Use only secure connections such as SSH.

    4) Even if you are using SSH, use the firewall to block SSH to only your IP at home/work.

    5) Add rules to firewall so that the firewall admin interface is only accessible to your home/work IP or locally in front of the machine.

    6) Don't even think about running a Windows machine unless you have a firewall with damn strict rules listed above. Within seconds of you plugging a windoze server on a crowded colocation network, the IP will be hit with probes.
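
Rules 2, 4 and 5 from the list above, applied to the Linux front end running iptables suggested earlier in the thread, as an added example that is not part of any poster's reply. The addresses are constructed RFC 5737 documentation values, ports 80 and 53 are assumed from the Apache and DNS services named in the first post, and the function names are hypothetical.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a Linux box sitting in front of the server.
# Constructed sample values (assumptions, not taken from the thread):
ADMIN_IP="${ADMIN_IP:-203.0.113.10}"   # home/work address allowed to administer
SERVER_IP="${SERVER_IP:-192.0.2.20}"   # protected web/DNS server behind the firewall

valid_ipv4() {
    # Accept only a dotted quad whose four octets are each 0-255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

gen_ruleset() {
    admin="$1"; server="$2"
    # Refuse to emit rules from a malformed address rather than load a broken policy.
    valid_ipv4 "$admin" && valid_ipv4 "$server" || { echo "bad address" >&2; return 1; }
    cat <<EOF
*filter
# Rule 2: default deny for traffic to the firewall and through it
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Rules 4 and 5: SSH to the firewall itself only from the admin address
-A INPUT -s $admin/32 -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Rule 2: expose only the service ports (HTTP, DNS over TCP and UDP)
-A FORWARD -d $server/32 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -d $server/32 -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -d $server/32 -p udp --dport 53 -j ACCEPT
COMMIT
EOF
}

# Print the ruleset; review it, then load it with iptables-restore as root.
gen_ruleset "$ADMIN_IP" "$SERVER_IP"
```

New outbound connections from the protected server are dropped by this policy; if the server has to fetch updates or resolve names itself, that needs its own explicit FORWARD rule.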
