Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to keep a server safe?

Status
Not open for further replies.

Rizzler

Technical User
Feb 9, 2006
43
SE
ok, first some people may laugh! :) got ahead, get it out! ;) then read on.

so, im running a webserver with windows server 2003, what should i do to actully keep it safe. somepeople say "install a n antivirus and then ur 100% safe. but im not that stupid, i understand that that is NOT safe.

ant suggestions on what i should to on the server to make it safer ?
 
Unplug it, put it in a closet then seal the door with cement.

Other than that a router which NATs to the server. A firewall that has only the minimum number of ports open (for a web site port 80 only). An anti-virus program. Only installing needed software. Stay current on security patches. Stop any nonused services. Disable any nonused parts of IIS.

Denny
MCSA (2003) / MCDBA (SQL 2000) / MCTS (SQL 2005) / MCITP Database Administrator (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]
 
Rizzler,

Mrdenny is right. The only way to be 100% safe is to pull your server off any network and lock it away. I like to think of "hardening" my systems as opposed to "making them safe." Think of "hardening" as making your systems more difficult to exploit (with the techniques that mrdenny provided doing this exactly).

[purple]
SnoopFrogg
MCSE - Windows Server 2003
[/purple]
 
yes :) i understand also that 100% is impossible, but as i said i wanna make it safer then the default installation hehe! but yes as you say snoopfrogg, "hardening" would be a bether word to use. :) im running antivirus and zoneallarm right now. is that a good firewall program or do you have any suggestions?
 
Regarding firewalls, I would get a hardware firewall like a Cisco PIX, SonicWall, or other appliance.

[purple]
SnoopFrogg
MCSE - Windows Server 2003
[/purple]
 
Put it behind a firewall, keep it updated, keep it in good shape (defrag, hd space, etc), dont have any open shares and you should be fine. If the server is setup properly there should never be any files put on it other then the ones you product. If you want scan it every so often with an online virus scanner, etc.

 
Also you may want to consider as an added layer installing a host based intrusion detection software package which will check for incoming threats that firewalls cannot usually pick up on at the application layer. Hope this helps.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top