Re: How to secure a web server?

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 10/15/04


Date: Fri, 15 Oct 2004 14:26:54 +1000

Whilst some have made recommendations with regard to software you can use
(ISA Server, URLScan), you need to remember that security is not "a product"
you install, but a process.

Security involves evaluating threats, and working out what the consequences
are to you and what the likelihood of them occurring is, and whether it makes
sense to take the time and money to stop/mitigate the threat. Security is
often described as "a journey not a destination - there is no such thing as
the perfectly secure system".

For information on best practice security options, check the Windows 2003
and IIS security centres here:
http://www.microsoft.com/technet/security/default.mspx

But remember, installing a firewall doesn't help you if you don't patch your
server and someone discovers a buffer overflow in IIS. A firewall doesn't
help if you have a weak password, and you allow terminal services through
your firewall. A firewall doesn't help if someone comes and steals your box
(etc, etc, etc). There is a lot more to "security" than just installing some
software.

Cheers
Ken

"David Freeman" <no-email@mailingspam.com> wrote in message
news:OjxB6JesEHA.1308@tk2msftngp13.phx.gbl...
> Hi There!
>
> I'm using Windows Server 2003 with IIS6 for my ASP.NET website.
>
> What programs do I need on my server to secure my web server 99%? I've got
> ZoneAlarm on my web server. However, I'm sure I need much more than just a
> firewall, to prevent attacks such as Denial of Service, hackers, data
> theft...etc.
>
> So I would like to know if you guys can point me out the security programs
> that a web server must have?
>
> And thinking out of the square, should I install a hardware firewall? If so,
> which are the good ones? Please advise!
>
> Many thanks in advance!!
>
> David
>


