Using Windows 2000 server as a web server.
19 December 2002, 02:27 PM
#1
Scooby Regular
Thread Starter
Join Date: Nov 2000
Location: Glasgow
Posts: 1,432
Likes: 0
Received 0 Likes
on
0 Posts
Okay hope some of you can help me on this. Our company has just purchased a Dell PowerEdge 2650 that we are going to send to Scolocate (Data Centre) for web hosting. This will be running a Veritas backup system, ASP web pages, JMail, Checkpoint firewall and a SQL server database.
Before handing over the system to the guy who is installing it into the data centre I have to do updates, install software and get relevant services sorted.
So far I have:
Installed and tested Veritas
Installed all Microsoft updates
Installed www.analog.cx (Stats software)
Installed the site and SQL server database
Still to do:
Remove all network protocols except TCP/IP
Remove Netbios
Stop / Remove services
What services do I stop or remove? Does anyone know of a good document to follow for getting a web server running securely?
I will need terminal services to access the server and the guys who are installing it are installing Checkpoint Firewall.
Have I forgotten anything?
Also before site launch I will need to do load testing. I will also have to get a security audit or something similar done. Does anyone know of a good place to start for these?
Before handing over the system to the guy who is installing it into the data centre I have to do updates, install software and get relevant services sorted.
So far I have:
Installed and tested Veritas
Installed all Microsoft updates
Installed www.analog.cx (Stats software)
Installed the site and SQL server database
Still to do:
Remove all network protocols except TCP/IP
Remove Netbios
Stop / Remove services
What services do I stop or remove? Does anyone know of a good document to follow for getting a web server running securely?
I will need terminal services to access the server and the guys who are installing it are installing Checkpoint Firewall.
Have I forgotten anything?
Also before site launch I will need to do load testing. I will also have to get a security audit or something similar done. Does anyone know of a good place to start for these?
19 December 2002, 02:43 PM
#2
Moderator
Join Date: Dec 1998
Location: Staffs
Posts: 23,573
Likes: 0
Received 0 Likes
on
0 Posts
Secure IIS with some help from this guide
Consider running the IIS Lockdown Tool. It might break something though, so read first.
Run the MS Baseline Security Checker to check all hotfixes are present and the machine is semi secure.
And review the IIS Security Checklist
Also register to receive MS Security Notifications
[Edited by ChrisB - 12/19/2002 2:43:52 PM]
[Edited by ChrisB - 12/19/2002 2:45:05 PM]
Consider running the IIS Lockdown Tool. It might break something though, so read first.
Run the MS Baseline Security Checker to check all hotfixes are present and the machine is semi secure.
And review the IIS Security Checklist
Also register to receive MS Security Notifications
[Edited by ChrisB - 12/19/2002 2:43:52 PM]
[Edited by ChrisB - 12/19/2002 2:45:05 PM]
19 December 2002, 03:21 PM
#4
Scooby Regular
Apache wont run ASP like IIS does. There is an Apache::ASP module for mod_perl but it's not compatible. I don't know how stable mod_perl 2 is for Apache 2.0 on Win32 anyway, and you'll definitely need Apache 2.0 for Win32 as it's a native port, 1.3 isn't and I wouldn't recommend running it. Lock down that IIS as much as you can 
19 December 2002, 06:07 PM
#5
Scooby Regular
Join Date: Nov 2002
Posts: 320
Likes: 0
Received 0 Likes
on
0 Posts
You can remove IIS completly , and run Apache instead
we do it a lot, as we use Tomcat as well, for Novell Portal Services, and we are the leading company in Europe for NPS
We got more reference sites than Novell
I wouldnt install Checkpoint on the same box as anything else at all
Use a seperate box, or get a Nokia 330 FW-1
Steve
we do it a lot, as we use Tomcat as well, for Novell Portal Services, and we are the leading company in Europe for NPS
We got more reference sites than Novell
I wouldnt install Checkpoint on the same box as anything else at all
Use a seperate box, or get a Nokia 330 FW-1
Steve
Thread
Thread Starter
Forum
Replies
Last Post