Results 1 to 19 of 19
  1. #1

    Question Solutions to Secure a Windows 2003 Dedicated

    Hi
    What is the best software to be installed on the server to protect it from hack and other security issues
    Is there any todo list or some thing Like that ?
    I am using IMail as mail server, and IIS as web server, and SQL Server

  2. #2
    Join Date
    Dec 2002
    Location
    California
    Posts
    2,005
    #1: Use Windows update. Keep the box updated with all security updates.

    #2: Turn off any services you don't need/use.

    #3: Check out Microsoft's own security site. They have lots of free information on how to configure your server to be more secure, along with lots of free tools on how to help you do so. Check out the MBSA...
    I wish all my traffic went through AS174.

  3. #3
    Join Date
    May 2004
    Location
    Toronto, Canada
    Posts
    5,084
    Good advice. Its just keep that puppy up to date, it will do it by itself so no worries.

    Ipswitch's support for Imail is pretty good as well so you have a good product there.

    Yes run antivirus, yes run firewall.

    Just remember to omit the database files from your virus scan or you will have performance issues.
    Andrι Allen | E: aallen(a)linovus.ca
    Linovus Holdings Inc
    Shared Hosting, Reseller Hosting, VPS, Dedicated Servers & Public Cloud | USA, Canada & UK - 24x7x365 Support

  4. #4
    I am wondering if I should use some thing like ZoneAlarm or BlackIce ?

  5. #5
    Join Date
    Jul 2003
    Location
    Connecticut
    Posts
    3,038
    The biggest thing besides keeping it up to date is shutting off any services you don't need. Plus it will make your machine perform better

    For firewalls I would go with a custom IPsec ruleset if you are handy with that kind of stuff as you can tailor it to your needs pretty easily. Other then that there are a few decent commercial firewall on the market, Just stay away from anything made for a desktop pc.. (Zonealarm, Blackice)

  6. #6
    Join Date
    Jul 2002
    Posts
    3,352
    Originally posted by neonima
    I am wondering if I should use some thing like ZoneAlarm or BlackIce ?
    i use RRSA Remote Routing and service access (don't remeber what it stand for excatly off top of my head)

    it act as basic firewall. server at theplanet have been up since Aug 2004.

  7. #7
    Join Date
    Jan 2003
    Posts
    168
    The most importan solution:
    - Plug out the net-cable

    Well be aware of the Windows auto-updater as it can cause unstability if you make it install all updates automatically. People who tried with Win03 SP1 using a control panel know what I am talking about

  8. #8
    Join Date
    Jan 2004
    Location
    North Yorkshire, UK
    Posts
    4,163
    I actually had a Windows box do an auto update last week, I have no idea which patch, but after a reboot the box wouldn't come up again because of a security problem, looked all over and nothing could shed any light on a possible fix so I just had to reload the whole box (repair wouldn't work)...

    Kerio Server Firewall is also a good one to use, it's expensive but it's great. Keep away from ZoneAlarm, etc, etc ... they're rubbish and not designed for the application.

    Dan

  9. #9
    My windows 2003 is up to date and all the patches are installed
    last time I was scanning the box AV found some trojane whith the name : Backdoor.Win32.HacDef.aw
    I dont know where does it came from but it was in system32 folder !
    thats the reason I am searching for some other ways to make the box secure.

  10. Originally posted by neonima
    I am wondering if I should use some thing like ZoneAlarm or BlackIce ?
    If you can go with a hardware based firewall or one of those NIC cards that have the build in firewall you will be better off. The software firewalls have some flaws and i would rather use the default windows firewall before i use the blackice or zonealarm.

    However some firewall is better than no firewall.

  11. #11
    Join Date
    Apr 2002
    Posts
    321
    Do a search for firewall windows 2003. You'll get a big stack of threads discussing Windows 2003 security.

  12. #12
    Join Date
    Mar 2005
    Location
    NY USA
    Posts
    839

  13. #13
    Join Date
    Apr 2004
    Posts
    1,834
    Don't use the browser to surf the net to unsuspecting websites.

    I have always found an Anti-Virus a waste of hard earned cash on a server, unless you want to scan email for clients. Otherwise, it serves no useful purpose.
    Ray Womack @ atOmicVPS LTD
    Linux & Windows Cloud Hosting Solutions Powered by OnApp
    Fully Managed [Shared][Reseller][Cloud VPS] [Dedicated]
    Featuring the atOmicSTACK™ ● Speed ● Performance ● Reliability

  14. #14
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    I have always found an Anti-Virus a waste of hard earned cash on a server, unless you want to scan email for clients. Otherwise, it serves no useful purpose.
    Umm... not exactly. Alot of times, when a server does get "Exploited" an antivirus can pick up alot of the tools used as "hack-tools".
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  15. #15
    Join Date
    Apr 2004
    Posts
    1,834
    Originally posted by thelinuxguy
    Umm... not exactly. Alot of times, when a server does get "Exploited" an antivirus can pick up alot of the tools used as "hack-tools".
    I'll keep that in mind next time I have an exploited server. I'm kinda like the Maytag repairman. Just waiting for that day....I guess it all depends on how you build them

    Thanks for the tip.
    Ray Womack @ atOmicVPS LTD
    Linux & Windows Cloud Hosting Solutions Powered by OnApp
    Fully Managed [Shared][Reseller][Cloud VPS] [Dedicated]
    Featuring the atOmicSTACK™ ● Speed ● Performance ● Reliability

  16. #16
    Join Date
    Mar 2005
    Location
    NY USA
    Posts
    839

  17. #17
    Join Date
    Apr 2004
    Posts
    1,834
    Originally posted by Take-IT-EZZI
    Its all about layers of security (AV). If someone gets past the perimeter, you'll be glad you have AV installed...
    I still think it is a waste of money for a professional solution, but if you just have to use something use ClamWin AV. The prices is close enough to the WHT guy's budget.

    I still think for a server an AV is as usueful as teats on a bull.
    Ray Womack @ atOmicVPS LTD
    Linux & Windows Cloud Hosting Solutions Powered by OnApp
    Fully Managed [Shared][Reseller][Cloud VPS] [Dedicated]
    Featuring the atOmicSTACK™ ● Speed ● Performance ● Reliability

  18. #18
    Join Date
    Jul 2002
    Posts
    3,352
    Originally posted by [email protected]
    If you can go with a hardware based firewall or one of those NIC cards that have the build in firewall you will be better off. The software firewalls have some flaws and i would rather use the default windows firewall before i use the blackice or zonealarm.

    However some firewall is better than no firewall.
    disagree on hardware firewall. if you go with a software firewall like checkpoint or MS ISA2004 they will do application layer protection and since it's software based admin tend to update/patch it more often.

    a hardware firewall, you will have to update the hardware firewall too and sometime you need to do a firmware update to keep the system up to date and that for novice admin is confusing and risky.

    hardware firewall still use some scaled down OS such as linux, you will have to udpate that as well...it seem like too much work just to keep it. i rather protect server at application level since today's hacking is all based on attacking/expoliting a piece of software installed on the server. i believe a software based firewall installed on the server can provide better protection against application layer attack.

    my two cent.

  19. #19
    Join Date
    Aug 2004
    Location
    Karachi, Pakistan
    Posts
    747
    Make sure your iMail server is not an Open-Relay.
    "I drink too much. The last time I gave a urine sample it had an olive in it. ".
    Rodney Dangerfield (from "I Get No Respect!").

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •