  1. #1
    Join Date
    Jun 2005
    Posts
    74

    securing a win 2k3 server

    Hi,

    I am on the verge of getting my first dedicated server (Win2k3 Standard). Just wondering if someone can point out a few resources to me about how to secure it, what software to use, etc.

    Thanks in advance.
    Saibal.

  2. #2
    Join Date
    Nov 2002
    Location
    WebHostingTalk
    Posts
    8,901
    * Moved to Technical and Security Issues....

    Sirius

  3. #3
    Join Date
    Jun 2005
    Posts
    74
    Thanks Sirius

  4. #4
    Join Date
    Feb 2004
    Location
    Bay Area, CA
    Posts
    521
    While there may be security software out there to help with security on Windows machines, there are a couple of simple things you can do to help keep your machine safe:

    - Do Windows updates when they come out. If this server can afford a reboot every now and then, set automatic updates on and to reboot the machine at a time that is OK to do so.

    - Run the built-in firewall or another software firewall and only open ports needed. When getting the server you might request that the firewall be enabled and only port 3389 for remote desktop opened. Then if possible just open ports to applications needed and try to avoid opening Windows RPC ports to the internet (such as file sharing on port 445 and 135-139).

    - Use STRONG passwords. A lot of compromises I have seen were simply because users and admins choose simple lower case words as passwords which are easily brute forced. Use a password over 14 characters (to avoid any lanman hash cracking available on the web if compromised) and use upper case, lower case, and at least 1 number in the passwords.

    Using these 3 simple security principles I have been running Windows 2003 servers for years without issue or compromise... scary I know!!
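
Added example (not part of eger's post): a small audit of `netstat -an` output against the port policy described above, with 3389 allowed and 135-139 and 445 flagged. The sample output is constructed, the addresses are documentation ranges, and the function names are hypothetical; a listening socket is only reachable if the firewall also permits it, so this checks exposure at the socket level only.

```python
import re

# Policy from the post above: Remote Desktop is the only port meant to be
# reachable; Windows RPC / NetBIOS / SMB ports should not face the internet.
ALLOWED = {3389}
RPC_SMB = set(range(135, 140)) | {445}

# Constructed sample of `netstat -an` output (not taken from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1433         0.0.0.0:0              LISTENING
  TCP    203.0.113.10:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.10:3389      198.51.100.7:50122     ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    203.0.113.10:137       *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def listeners(netstat_text):
    """Yield (proto, addr, port) for sockets bound to non-loopback addresses."""
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or unrelated line
        proto, addr, port, state = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        if proto == "TCP" and state != "LISTENING":
            continue  # established/closing connections are not listeners
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback-only services are not exposed to the network
        yield proto, addr, port

def audit(netstat_text, allowed=ALLOWED):
    """Return sorted (proto, port, verdict) findings for ports outside the policy."""
    findings = set()
    for proto, _addr, port in listeners(netstat_text):
        if port in RPC_SMB:
            findings.add((proto, port, "block: Windows RPC/NetBIOS/SMB"))
        elif port not in allowed:
            findings.add((proto, port, "review: not in allowlist"))
    return sorted(findings, key=lambda f: (f[1], f[0]))

if __name__ == "__main__":
    for proto, port, verdict in audit(SAMPLE_NETSTAT):
        print(f"{proto:<4}{port:<6}{verdict}")
```

Pass `allowed={80, 3389}` for a server that is meant to host websites, so that port 80 drops out of the review list.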

  5. #5
    Join Date
    Jun 2005
    Posts
    74
    Originally posted by eger:
    > Using these 3 simple security principles I have been running Windows 2003 servers for years without issue or compromise... scary I know!!

    Will keep this in mind. Thanks

  6. #6
    Join Date
    Jul 2007
    Location
    Dallas, TX
    Posts
    320
    Last edited by domainworldaccess; 04-03-2008 at 01:28 AM.

  7. #7
    Join Date
    Jun 2005
    Posts
    74

  8. #8
    Join Date
    Dec 2003
    Location
    Pakistan
    Posts
    344
    Changing login name for "Administrator" to something else is a security trick too for some.

    If you've planned to run website(s) or provide streaming service, create a new group for each service, add new users only to their service group and restrict access for these groups only to the required resources.
    Muhammad Waseem
    Inspedium Corporation (Pvt) Ltd.
    InsPanel - Hosting Control Panel for Windows 2000/2003

  9. #9
    Join Date
    Jan 2004
    Location
    North Yorkshire, UK
    Posts
    4,164
    Originally posted by mwaseem:
    > Changing login name for "Administrator" to something else is a security trick too for some

    This doesn't enhance security much. Any hacker with some basic knowledge knows what the SID for the standard 'administrator' account is. If you want to use this method to make it slightly less obvious what to log in as, disable the administrator account and create a new account with administrator privileges.

    > - Do Windows updates when they come out. If this server can afford a reboot every now and then, set automatic updates on and to reboot the machine at a time that is OK to do so.

    Performing regular updates is important. You should DOWNLOAD the updates automatically but do not INSTALL them automatically as suggested here. Updates often cause services to fail/stop and will undoubtedly make sites on your server unavailable at some point - install the updates manually so you know everything is still working and preferably reboot too.

    Ensure you've got some good threat protection / Antivirus on the machine.

    Finally, as mentioned, do not open your machine up to the internet unnecessarily, run a firewall, disable file and printer sharing as well as client for MS networks on your internet facing NIC.

    Dan
    Last edited by dkitchen; 04-04-2008 at 03:38 PM.
    █ Dan Kitchen | Technical Director | Razorblue

  10. #10
    Join Date
    Jun 2005
    Posts
    74
    Thanks for all the replies. They were a great help

    Saibal.
