Results 1 to 10 of 10
Thread: securing a win 2k3 server
-
04-02-2008, 09:56 AM #1Junior Guru Wannabe
- Join Date
- Jun 2005
- Posts
- 74
securing a win 2k3 server
Hi,
I am on the verge of getting my first dedicated server (Win2k3 Standard). Just wondering if someone can point out a few resources to me about how to secure it, what softwares to use, etc.
Thanks in advance.
Saibal.
-
04-02-2008, 10:05 AM #2Retired Moderator
- Join Date
- Nov 2002
- Location
- WebHostingTalk
- Posts
- 8,901
* Moved to Technical and Security Issues....
SiriusI support the Human Rights Campaign!
Moving to the Tampa, Florida area? Check out life in the suburbs in Trinity, Florida.
-
04-02-2008, 10:16 AM #3Junior Guru Wannabe
- Join Date
- Jun 2005
- Posts
- 74
Thanks Sirius
-
04-02-2008, 11:43 AM #4Web Hosting Evangelist
- Join Date
- Feb 2004
- Location
- Bay Area, CA
- Posts
- 521
While there may be security software out there to help with security on Windows machines, there are a couple of simple things you can do to help keep your machine safe:
- Do windows updates when they come out. If this server can afford a reboot every now and then, set automatic updates on and to reboot the machine at a time that is OK to do so.
- Run the built-in firewall or another software firewall and only open ports needed. When getting the server you might request that the firewall be enabled and only port 3389 for remote desktop opened. Then if possible just open ports to applications needed and try to avoid opening windows RPC ports to the internet (such as file sharing on port 445 and 135-139)
- Use STRONG passwords. A lot of compromises I have seen were simply because users and admins choose simple lower case words as passwords which are easily brute forced. Use a password over 14 characters (to avoid any lanman hash cracking available on the web if compromised) and use upper case, lower case, and at least 1 number in the passwords.
Using these 3 simple security principles I have been running Windows 2003 servers for years without issue or compromise... scary I know!!
-
04-02-2008, 01:13 PM #5Junior Guru Wannabe
- Join Date
- Jun 2005
- Posts
- 74
-
04-03-2008, 01:23 AM #6Web Hosting Guru
- Join Date
- Jul 2007
- Location
- Dallas, TX
- Posts
- 320
Last edited by domainworldaccess; 04-03-2008 at 01:28 AM.
https://ServersAndHosting.com
Dedicated Servers | Guaranteed Hosting
-
04-03-2008, 10:26 PM #7Junior Guru Wannabe
- Join Date
- Jun 2005
- Posts
- 74
-
04-04-2008, 07:44 AM #8Web Hosting Guru
- Join Date
- Dec 2003
- Location
- Pakistan
- Posts
- 344
Changing login name for "Administrator" to something else is a security trick too for some
If you've planed to run website(s) or provide streaming service, create a new group for each service, add new users only to their service group and restrict access for these groups only to the required resources.Muhammad Waseem
Inspedium Corporation (Pvt) Ltd.
InsPanel - Hosting Control Panel for Windows 2000/2003
-
04-04-2008, 03:34 PM #9Managed Hosting Expert
- Join Date
- Jan 2004
- Location
- North Yorkshire, UK
- Posts
- 4,164
This doesn't enhance security much. Any hacker with some basic knowledge knows what the SID for the standard 'administrator' account is. If you want to use this method to make it slightly less obvious what to log in as, disable the administrator account and create a new account with administrator privelidges.
- Do windows updates when they come out. If this server can afford a reboot every now and then, set automatic updates on and to reboot the machine at a time that is OK to do so.
Ensure you've got some good threat protection / Antivirus on the machine.
Finally as mentioned do not open your machine up to the internet unncessarily, run a firewall, disable file and printer sharing aswell as client for MS networks on your internet facing NIC.
DanLast edited by dkitchen; 04-04-2008 at 03:38 PM.
█ Dan Kitchen | Technical Director | Razorblue
█ ddi: (+44) (0)1748 900 680 | e: dkitchen@razorblue.com
█ UK Intensive Managed Hosting, Clusters and Colocation.
█ HP Servers, Cisco/Juniper Powered BGP Network (AS15692).
-
04-09-2008, 10:40 AM #10Junior Guru Wannabe
- Join Date
- Jun 2005
- Posts
- 74
Thanks for all the replies. They were a great help
Saibal.