Folks, I need serious help. I am a few months away from buying my own windows 2003 server, and I need to know the best ways to secure it. I know with DDOS and ALL the easy ways to crack Windows 2003 Servers, well, I want my server to be as secure as ... serverdivision.com's ...
Here are the specs of what i'm getting with my server;
ECC Registered 2048 MB RAM
Dual Xeon 2.8GHz
Cisco PIX 501 Firewall
2 TB Bandwidth
Windows Server 2003 Standard
Shared MS SQL Server 500 MB data file
Dell Remote Access Card (DRAC)
I need to make the server air tight. But I am VERY new to windows hosting all together. I need to know techniques, websites, anything that people like me can study and implement to keep the server incredibly secure.
1. Update all the patches
2. Ensure FTP Anonymous Login Disabled
3. Change the Administrator name to any other name
4. Shutdown whatever services not needed.
5. Use TCP Filter only allow the necessary ports.
Here are misc steps related to other components which do reflect on your server's security and performance....
. Disable anonymous relay of your Mail Server
. Check all MS SQL Databases to make sure that anonymous access is disabled on all important Databases.
. Devide each reseller's sites into a seperate Application Pool in IIS, so that if one site goes down, it do not crash all other sites.
. Some advanced coders can write a script to browse other users' sites' data and even can copy to their own site's folder and download it later with an FTP software, so you'll need to dug deeply into the Helm users' permissions on the folders other than their own home directory.
. Use a site monitoring software, like Servers Alive so that you can receive an alert on your Mobile Phone if any important site goes down.
. Use an MS SQL database activity analyzer, like Coefficient to detect worst SQL queries which could affect your server's efficiency.
Make sure Telnet, MSMSG, and any 'guest' accounts are disabled.
Besides that I was wondering if you are wanting a secure hosting platform why not use *nix? I don't want to start a debate but with all things being equal Windows platforms have many more security vulnerabilities then linux.. You might want to take a look..
I also recommend using the Security Wizard in SP1 for Win2k3 server, you can create a nice template through there to lock down alot of other stuff. However, do this on a test box and make sure everything is working before applying it to production.
You are doing a great job by buying a windows 2003 server. It is more user friendly than linux and it has the same features + others.
A good thing would be to close all internet applications you don't use. The second important thing is to close all ports excepting the one you need (you can do that from windows firewall). Of course the server must have the lates updates installed.
If your server will be only a IIS server, the built-in windows firewall is great and 100% secure + your own firewall rules, just like in linux.
But, if you need it to be more secure and exploit-proof, i highly recommend Tiny Firewall for Server. It makes you server imune to exploits and it does not use lots of resources.
Originally posted by JimTsang Yes, I am facing such a situation now... something to do with FileSystemObject and Wscript.Shell. I went searching all over the net and can't seem to find a solution. How do you guys fix it?
1. set medium trust level
2. use own application pool isolation for asp.net sites
3. network service user has the correct permissions