Announcement

Collapse
No announcement yet.

to secure a server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • to secure a server

    Hi ,
    I got a web server with Public IP address and it is win 2000 server. installed the Norton Symantec AntiVirus Corporate Edition. seek your all contribution to make more secure my server. which services should I disable and which antivirus program you recommend ? highly appreciated any advice . thanks

  • #2
    Re: to secure a server

    Don't put it on a public IP would be my first recommendation. Put it in a DMZ (or at least behind a firewall), I can think of no reason why you can't do this for a webserver.

    Make sure it is up to date. Turn off unused services. Make sure your website is cwell written (not always that easy..). Run the IIS LockDown tool
    http://www.microsoft.com/technet/sec.../locktool.mspx

    Make sure your AV updates automatically.

    That is about it so far
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: to secure a server

      Originally posted by examplez View Post
      Hi ,
      I got a web server with Public IP address and it is win 2000 server. installed the Norton Symantec AntiVirus Corporate Edition. seek your all contribution to make more secure my server. which services should I disable and which antivirus program you recommend ? highly appreciated any advice . thanks
      Check out the following two links:

      SANS Institute: Securing a Windows 2000 IIS Web Server
      NACS: Installing a Safe Windows 2000 Web Server- Best Practices


      Also, take a peek at a Google search.
      Wesley David
      LinkedIn | Careers 2.0
      -------------------------------
      Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
      Vendor Neutral Certifications: CWNA
      Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
      Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

      Comment


      • #4
        Re: to secure a server

        Originally posted by AndyJG247 View Post
        Don't put it on a public IP would be my first recommendation. Put it in a DMZ (or at least behind a firewall), I can think of no reason why you can't do this for a webserver.
        Hmmm that is not always a fact.
        sometimes it's better and easier to give a server a public address. And why wouldn't you if you have enough addresses.
        for example:The firewall doesn't need to do NAT which gives the firewall more performance.

        However putting the server in a DMZ and behind a firewall is a good idea if possible.
        Further I agree with you
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: to secure a server

          With respect, I have to say I can't agree with you. A windows 2000 box with IIS plugged directly onto the internet. That scares me silly!
          cheers
          Andy

          Please read this before you post:


          Quis custodiet ipsos custodes?

          Comment


          • #6
            Re: to secure a server

            I'm not talking about directly connected to the internet but that it isn't necessary to use NAT.
            You can using routing instead and let the firewall inspect the traffic.

            Also I know the risks of IIS5. Lockdown greatly improves the security.
            What I ment with: >> However putting the server in a DMZ and behind a firewall is a good idea if possible.

            An OWA server (running on IIS) isn't recommended to add into a DMZ.
            There are way to many ports you need to open to the internal network to let OWA work probably.
            Last edited by Dumber; 22nd April 2008, 22:42.
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              Re: to secure a server

              Ah, that makes more sense.
              cheers
              Andy

              Please read this before you post:


              Quis custodiet ipsos custodes?

              Comment


              • #8
                Re: to secure a server

                I've made some modification on the post
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"

                Comment


                • #9
                  Re: to secure a server

                  agreed then!
                  cheers
                  Andy

                  Please read this before you post:


                  Quis custodiet ipsos custodes?

                  Comment


                  • #10
                    Re: to secure a server

                    I've installed IIS lockdown tool and disable the several services. thank all your assist and appreciated.

                    Comment

                    Working...
                    X