1

I have a new Windows 2008 server box coming online in a co-hosted environment. It will host ASP.NET web applications with a SQL back end.

What is the best way to secure it?

It will run IIS7 and SQL 2005. The SQL install will only allow Windows authentication. Automatic updates will be enabled.

Should I close certain ports?

I want some sort of protection against DoS attacks and malicious users.

picflight
  • 193

2 Answers

1

The best way? After you've got things installed, configured, and running, run the Security Configuration Wizard.

joeqwerty
  • 110,860
1

As long as you keep on top of the security updates and have a paranoid approach to your firewall, you will be fine.

  • Lock down connections to specific IPs if possible.
  • Only open what you need and firewall them off to specific applications or services.
  • Have ultra-secure passwords.

If you really feel like being paranoid, move RDP away from 3389 and move it to another port.

BeStRaFe
  • 280
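
The firewall advice in the answer above, as an added example that is not part of the original posts: a batch script for an elevated command prompt that uses `netsh advfirewall` to expose only the IIS ports, restrict RDP to one source address, and default-block everything else. The admin address (from the 203.0.113.0/24 documentation range), the rule names, the English-locale group name "Remote Desktop", and IIS and SQL Server sharing this one box are assumptions.

```bat
@echo off
rem Added example with constructed values; adjust before use.
rem ADMIN_IP is a placeholder from the documentation range 203.0.113.0/24.
set ADMIN_IP=203.0.113.10
set RDP_PORT=3389

rem 1. Add the scoped RDP rule FIRST, so a remote session coming from
rem    ADMIN_IP is not cut off by the steps that follow.
netsh advfirewall firewall add rule name="RDP-In-AdminOnly" dir=in action=allow protocol=TCP localport=%RDP_PORT% remoteip=%ADMIN_IP%

rem 2. Disable the built-in Remote Desktop rules, which by default
rem    accept connections from any source address.
netsh advfirewall firewall set rule group="Remote Desktop" new enable=no

rem 3. Public web traffic for IIS: HTTP and HTTPS only.
netsh advfirewall firewall add rule name="Web-In-80-443" dir=in action=allow protocol=TCP localport=80,443

rem 4. SQL Server gets no allow rule (assumption: the web apps connect
rem    to it locally). Explicit block rules take precedence over allow
rem    rules, so a stray allow rule cannot expose these ports later.
netsh advfirewall firewall add rule name="SQL-In-Block-TCP" dir=in action=block protocol=TCP localport=1433
netsh advfirewall firewall add rule name="SQL-In-Block-UDP" dir=in action=block protocol=UDP localport=1434

rem 5. Firewall on for every profile; inbound traffic is dropped unless
rem    a rule allows it, outbound stays allowed.
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

rem 6. Review what is still reachable and disable any enabled inbound
rem    allow rule the server does not need.
netsh advfirewall firewall show rule name=all dir=in
```

If RDP is moved to another port as the answer suggests, change `RDP_PORT` to match before running the script.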