|
Home > Archive > IIS Server Security > January 2005 > How do I protect my server (anti-virus/firewall)
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
How do I protect my server (anti-virus/firewall)
|
|
|
| Hi - I have a W2003 Web Edition dedicated server.
It runs web applications which anyone can access on behalf of my
clients.
Should I have Anti-Virus software installed (it's dedicated - and I
don't install any software - could it still come under virus attack).
What should I have setup in the way of a firewall (if anything at all) -
bearing in mind, anonymous users need to access the web sites on it?
Is there a way of securing all but the access to the web sites, apart
from my Remote Connection and FTP access?
I'd really appreciate any guidance,
Thanks, Mark
*** Sent via Developersdex http://www.codecomments.com ***
Don't just participate in USENET...get rewarded for it!
| |
| Miha Pihler [MVP] 2005-01-13, 7:48 am |
| Hi Mark,
I usually recommend my customers to install AV on all their computers if
that is possible (just in case). If this is not possible, then I usually
take some additional measures to protect the server (e.g. putting server
into separate segment of the network; not allowing access to the internet
from the server (but not from the internet to the server))...
Regarding firewall -- you could probably use ICF or other personal firewall
on the computer. You then need to configure it to allow access to e.g. port
80 for web (if you don't use SSL -- if you use SSL then you would need to
also allow TCP port 443). If you also use FTP then you would need to allow
access to TCP port 21 and for RDP you would need to allow TCP port 3389.
Here are some additional resources that you might want to take a look at:
Microsoft Security Guidance Center: Internet Information Services (IIS)
Index
http://www.microsoft.com/security/g...odtech/IIS.mspx
Feel free if you have any additional questions about securing your
servers...
--
Mike
Microsoft MVP - Windows Security
"Mark" <anonymous@devdex.com> wrote in message
news:e$BGkAV%23EHA.2316@TK2MSFTNGP15.phx.gbl...
> Hi - I have a W2003 Web Edition dedicated server.
>
> It runs web applications which anyone can access on behalf of my
> clients.
>
> Should I have Anti-Virus software installed (it's dedicated - and I
> don't install any software - could it still come under virus attack).
>
> What should I have setup in the way of a firewall (if anything at all) -
> bearing in mind, anonymous users need to access the web sites on it?
>
> Is there a way of securing all but the access to the web sites, apart
> from my Remote Connection and FTP access?
>
> I'd really appreciate any guidance,
>
> Thanks, Mark
>
> *** Sent via Developersdex http://www.codecomments.com ***
> Don't just participate in USENET...get rewarded for it!
| |
| Jeff Cochran 2005-01-13, 5:53 pm |
| On Thu, 13 Jan 2005 01:13:25 -0800, Mark <anonymous@devdex.com> wrote:
>Hi - I have a W2003 Web Edition dedicated server.
>
>It runs web applications which anyone can access on behalf of my
>clients.
>
>Should I have Anti-Virus software installed (it's dedicated - and I
>don't install any software - could it still come under virus attack).
It should, but there's no requirement. You need to decide if the risk
is great enough to warrant the software.
>What should I have setup in the way of a firewall (if anything at all) -
>bearing in mind, anonymous users need to access the web sites on it?
Best is an external hardware firewall, though you can use the Server
2003 firewall if need be.
>Is there a way of securing all but the access to the web sites, apart
>from my Remote Connection and FTP access?
Sure. Port 80 is HTTP, FTP is port 21, close all other inbound (don't
know how you're connecting remotely but I suggest a VPN and locking
the firewall down tight).
Jeff
|
|
|
|
|