04-16-2005, 03:09 AM #1 Registered User (Join Date: Dec 2004; Posts: 157)
Securing a Windows 2003 web server!
Folks, I need serious help. I am a few months away from buying my own Windows 2003 server, and I need to know the best ways to secure it. I know with DDOS and ALL the easy ways to crack Windows 2003 Servers, well, I want my server to be as secure as ... serverdivision.com's ...
Here are the specs of what I'm getting with my server:
ECC Registered 2048 MB RAM
Dual Xeon 2.8GHz
Cisco PIX 501 Firewall
10 IPs
2 TB Bandwidth
100Mbps Uplink
Windows Server 2003 Standard
Helm CP
Shared MS SQL Server 500 MB data file
Dell Remote Access Card (DRAC)
I need to make the server airtight. But I am VERY new to Windows hosting altogether. I need to know techniques, websites, anything that people like me can study and implement to keep the server incredibly secure.
Thanks in advance for any and all help.

04-16-2005, 11:41 AM #2 Retired Moderator (Join Date: Mar 2004; Location: Singapore; Posts: 6,990)
Basic Steps
1. Update all the patches
2. Ensure FTP Anonymous Login Disabled
3. Change the Administrator name to any other name
4. Shut down whatever services are not needed.
5. Use TCP Filter to allow only the necessary ports.

04-16-2005, 01:18 PM #3 Web Hosting Guru (Join Date: Dec 2003; Location: Pakistan; Posts: 344)
Here are misc steps related to other components which do reflect on your server's security and performance....
- Disable anonymous relay of your Mail Server.
- Check all MS SQL Databases to make sure that anonymous access is disabled on all important Databases.
- Divide each reseller's sites into a separate Application Pool in IIS, so that if one site goes down, it does not crash all other sites.
- Some advanced coders can write a script to browse other users' sites' data and can even copy it to their own site's folder and download it later with FTP software, so you'll need to dig deeply into the Helm users' permissions on the folders other than their own home directory.
- Use site monitoring software, like Servers Alive, so that you can receive an alert on your Mobile Phone if any important site goes down.
- Use an MS SQL database activity analyzer, like Coefficient, to detect the worst SQL queries which could affect your server's efficiency.
Muhammad Waseem
Inspedium Corporation (Pvt) Ltd.
InsPanel - Hosting Control Panel for Windows 2000/2003

04-16-2005, 01:18 PM #4 Carpe Diem (Join Date: Jul 2003; Location: Connecticut; Posts: 3,038)
The biggest things are the services.
Make sure Telnet, MSMSG, and any 'guest' accounts are disabled.
Besides that, I was wondering, if you are wanting a secure hosting platform, why not use *nix? I don't want to start a debate, but with all things being equal Windows platforms have many more security vulnerabilities than Linux.. You might want to take a look..

04-16-2005, 02:08 PM #5 WHT Addict (Join Date: Dec 2002; Posts: 124)
Some good resources...
for Helm:
http://kb.servertastic.com/
For Windows:
http://www.microsoft.com/serviceprov...stingguide.asp

04-16-2005, 02:16 PM #6 Web Hosting Master (Join Date: Oct 2003; Location: California; Posts: 1,271)
I also recommend using the Security Wizard in SP1 for Win2k3 server; you can create a nice template through there to lock down a lot of other stuff. However, do this on a test box and make sure everything is working before applying it to production.
Also use the Microsoft Security Analyzer:
http://www.microsoft.com/technet/sec.../mbsahome.mspx
All the other suggestions above are excellent as well! Good luck on your lockdown

04-16-2005, 07:38 PM #7 Retired Moderator (Join Date: Mar 2004; Location: Singapore; Posts: 6,990)
I wouldn't recommend security wizard unless you are sure what you are doing, a great tool but can be problematic.....

04-17-2005, 03:44 AM #8 Junior Guru Wannabe (Join Date: Mar 2005; Posts: 44)
Hello...
You are doing a great job by buying a Windows 2003 server. It is more user friendly than Linux and it has the same features + others.
A good thing would be to close all internet applications you don't use. The second important thing is to close all ports except the ones you need (you can do that from Windows Firewall). Of course the server must have the latest updates installed.
If your server will be only an IIS server, the built-in Windows firewall is great and 100% secure + your own firewall rules, just like in Linux.
But, if you need it to be more secure and exploit-proof, I highly recommend Tiny Firewall for Server. It makes your server immune to exploits and it does not use lots of resources.

04-18-2005, 05:12 AM #9 Web Hosting Master (Join Date: Jan 2004; Posts: 1,184)
Since we are on a Windows disc., I would like to know what is safer:
Helm or Plesk.
I mean safer, not features or any other thing...
Thanks

04-18-2005, 11:38 AM #10 Newbie (Join Date: Dec 2002; Location: China; Posts: 23)
Some advanced coders can write a script to browse other users' sites' data and even can copy to their own site's folder and download it later with an FTP software

04-19-2005, 05:59 PM #11 Web Hosting Guru (Join Date: Jan 2005; Posts: 319)
Originally posted by JimTsang
Yes, I am facing such a situation now... something to do with FileSystemObject and Wscript.Shell. I went searching all over the net and can't seem to find a solution. How do you guys fix it?
2. use own application pool isolation for asp.net sites
3. network service user has the correct permissions
problem fixed.
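
An added example, not part of any post in this thread: one way to check the cross-site folder access raised in posts #3 and #11 is to audit the ACL on every site root and report any account that is neither an administrator nor that site's own account. The `icacls`-style output, host name, account names and paths below are constructed, and the rule that each site has exactly one account of its own is an assumption.

```python
import re

# Constructed sample in the format printed by `icacls <site root>`.
# Host name, account names and paths are made up for this example.
SAMPLE = r"""
D:\sites\alpha BUILTIN\Administrators:(OI)(CI)(F)
               WEB01\IUSR_alpha:(OI)(CI)(RX)

D:\sites\beta BUILTIN\Administrators:(OI)(CI)(F)
              WEB01\IUSR_beta:(OI)(CI)(RX)
              WEB01\IUSR_alpha:(OI)(CI)(R)
              BUILTIN\Users:(OI)(CI)(RX)

Successfully processed 2 files; Failed processing 0 files
"""
# Hypothetical mapping: site root -> the one account that site runs as.
OWNERS = {r"D:\sites\alpha": r"WEB01\IUSR_alpha",
          r"D:\sites\beta": r"WEB01\IUSR_beta"}
TRUSTED = {r"BUILTIN\Administrators", r"NT AUTHORITY\SYSTEM"}
ACE = re.compile(r"^(?P<who>.+?):(?P<perms>(?:\([^)]+\))+)$")

def parse_icacls(text):
    """Return {path: [(principal, flags, rights), ...]}; paths have no spaces."""
    acls, path = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("Successfully processed"):
            continue
        body = line.strip()
        if not line[0].isspace():        # first ACE line also carries the path
            path, body = body.split(None, 1)
            acls[path] = []
        m = ACE.match(body)
        if m and path:
            groups = re.findall(r"\(([^)]+)\)", m["perms"])
            acls[path].append((m["who"], set(groups[:-1]), groups[-1]))
    return acls

def audit(acls, owners):
    """List (path, principal, rights) where a non-owner is granted access."""
    findings = []
    for path, aces in acls.items():
        allowed = TRUSTED | {owners.get(path)}
        for who, flags, rights in aces:
            # Deny ACEs grant nothing, so only allow entries are reported.
            if "DENY" not in flags and who not in allowed:
                findings.append((path, who, rights))
    return findings

if __name__ == "__main__":
    for path, who, rights in audit(parse_icacls(SAMPLE), OWNERS):
        print(f"{path}: {who} has ({rights}) but is not this site's account")
```

On the sample, both findings are on the second site: another site's anonymous account and the broad `BUILTIN\Users` group can read it, which is the condition that lets a script in one site browse another site's files.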