  1. #1

    Securing a Windows 2003 web server!

    Folks, I need serious help. I am a few months away from buying my own Windows 2003 server, and I need to know the best ways to secure it. I know with DDOS and ALL the easy ways to crack Windows 2003 Servers, well, I want my server to be as secure as ... serverdivision.com's ...

    Here are the specs of what I'm getting with my server:
    ECC Registered 2048 MB RAM
    Dual Xeon 2.8GHz
    Cisco PIX 501 Firewall
    10 IPs
    2 TB Bandwidth
    100Mbps Uplink
    Windows Server 2003 Standard
    Helm CP
    Shared MS SQL Server 500 MB data file
    Dell Remote Access Card (DRAC)

    I need to make the server airtight. But I am VERY new to Windows hosting altogether. I need to know techniques, websites, anything that people like me can study and implement to keep the server incredibly secure.

    Thanks in advance for any and all help.

  2. #2
    Join Date
    Mar 2004
    Location
    Singapore
    Posts
    6,990
    Basic Steps

    1. Update all the patches
    2. Ensure FTP Anonymous Login Disabled
    3. Change the Administrator name to any other name
    4. Shutdown whatever services not needed.
    5. Use TCP Filter only allow the necessary ports.

  3. #3
    Join Date
    Dec 2003
    Location
    Pakistan
    Posts
    344
    Here are misc steps related to other components which do reflect on your server's security and performance....
    1. Disable anonymous relay of your Mail Server
    2. Check all MS SQL Databases to make sure that anonymous access is disabled on all important Databases.
    3. Divide each reseller's sites into a separate Application Pool in IIS, so that if one site goes down, it does not crash all other sites.
    4. Some advanced coders can write a script to browse other users' sites' data and even can copy to their own site's folder and download it later with an FTP software, so you'll need to dig deeply into the Helm users' permissions on the folders other than their own home directory.
    5. Use a site monitoring software, like Servers Alive, so that you can receive an alert on your Mobile Phone if any important site goes down.
    6. Use an MS SQL database activity analyzer, like Coefficient, to detect worst SQL queries which could affect your server's efficiency.
    Muhammad Waseem
    Inspedium Corporation (Pvt) Ltd.
    InsPanel - Hosting Control Panel for Windows 2000/2003

  4. #4
    Join Date
    Jul 2003
    Location
    Connecticut
    Posts
    3,038
    The biggest things are the services.

    Make sure Telnet, MSMSG, and any 'guest' accounts are disabled.


    Besides that, I was wondering, if you are wanting a secure hosting platform, why not use *nix? I don't want to start a debate, but with all things being equal Windows platforms have many more security vulnerabilities than Linux. You might want to take a look.

  6. #6
    Join Date
    Oct 2003
    Location
    California
    Posts
    1,271
    I also recommend using the Security Wizard in SP1 for Win2k3 server; you can create a nice template through there to lock down a lot of other stuff. However, do this on a test box and make sure everything is working before applying it to production.

    Also use the Microsoft Security Analyzer:

    http://www.microsoft.com/technet/sec.../mbsahome.mspx

    All the other suggestions above are excellent as well! Good luck on your lockdown

  7. #7
    Join Date
    Mar 2004
    Location
    Singapore
    Posts
    6,990
    I wouldn't recommend Security Wizard unless you are sure what you are doing; a great tool, but it can be problematic.....

  8. #8
    Hello...

    You are doing a great job by buying a Windows 2003 server. It is more user friendly than Linux and it has the same features + others.
    A good thing would be to close all internet applications you don't use. The second important thing is to close all ports except the ones you need (you can do that from Windows Firewall). Of course the server must have the latest updates installed.
    If your server will be only an IIS server, the built-in Windows firewall is great and 100% secure + your own firewall rules, just like in Linux.
    But, if you need it to be more secure and exploit-proof, I highly recommend Tiny Firewall for Server. It makes your server immune to exploits and it does not use lots of resources.

  9. #9
    Join Date
    Jan 2004
    Posts
    1,184
    Since we are on a Windows disc. I would like to know what is safer.

    Helm
    or
    Plesk

    I mean safer, not features or any other thing...

    Thanks

  10. #10
    Some advanced coders can write a script to browse other users' sites' data and even can copy to their own site's folder and download it later with an FTP software
    Yes, I am facing such a situation now... something to do with FileSystemObject and Wscript.Shell. I went searching all over the net and can't seem to find a solution. How do you guys fix it?

  11. #11
    Join Date
    Jan 2005
    Posts
    319
    Originally posted by JimTsang
    Yes, I am facing such a situation now... something to do with FileSystemObject and Wscript.Shell. I went searching all over the net and can't seem to find a solution. How do you guys fix it?
    1. set medium trust level
    2. use own application pool isolation for asp.net sites
    3. network service user has the correct permissions

    problem fixed.
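
Added example, not part of the thread: a check for step 1 of the reply above on ASP.NET sites, confirming that the root `web.config` sets `<trust>` to Medium or lower inside `<location allowOverride="false">`, so a customer's own `web.config` cannot raise it again. The sample configs are constructed, the function names are hypothetical, and the parser assumes the files carry no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs, not taken from the thread. Assumes no XML namespace.
ROOT_WEAK = '<configuration><system.web><trust level="Full"/></system.web></configuration>'
ROOT_HARDENED = """<configuration>
  <location allowOverride="false">
    <system.web><trust level="Medium" originUrl=""/></system.web>
  </location>
</configuration>"""
SITE_OVERRIDE = '<configuration><system.web><trust level="Full"/></system.web></configuration>'
SITE_CLEAN = '<configuration><system.web><compilation debug="false"/></system.web></configuration>'

RESTRICTED = {"medium", "low", "minimal"}  # levels at or below Medium


def find_trust(xml_text):
    """Return (level, locked): the <trust> level and whether sites can override it."""
    root = ET.fromstring(xml_text)
    node = root.find("./system.web/trust")
    if node is not None:  # top-level setting: any site web.config can override it
        return node.get("level"), False
    for loc in root.findall("./location"):
        node = loc.find("./system.web/trust")
        if node is not None:
            return node.get("level"), loc.get("allowOverride", "true").lower() == "false"
    return None, False


def audit(root_cfg, site_cfgs):
    """Return a list of findings for a root web.config and {site_name: web.config}."""
    findings = []
    level, locked = find_trust(root_cfg)
    if level is None:
        findings.append("root: no <trust> element (ASP.NET default is Full)")
    elif level.lower() not in RESTRICTED:
        findings.append(f"root: trust level is {level}")
    if not locked:
        findings.append("root: trust is not locked with allowOverride=false")
    for name, cfg in sorted(site_cfgs.items()):
        site_level, _ = find_trust(cfg)
        if site_level and site_level.lower() not in RESTRICTED:
            state = "rejected by root lock" if locked else "in effect"
            findings.append(f"{name}: requests trust level {site_level} ({state})")
    return findings


if __name__ == "__main__":
    sites = {"customer-a": SITE_OVERRIDE, "customer-b": SITE_CLEAN}
    for label, root in (("weak", ROOT_WEAK), ("hardened", ROOT_HARDENED)):
        print(label, audit(root, sites))
```

The `<trust>` element governs ASP.NET code only; pages that run outside ASP.NET are not covered by this check.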
