Securing a Windows Server 2008 R2 Public Web Server
Posted by Denny Ferrassoli on Server Fault
Published on 2010-02-05T02:33:22Z
Indexed on 2010/05/17 2:10 UTC
I'm setting up a public web server: Windows Server 2008 R2, IIS7.5. Does anyone have a tutorial / walkthrough / tips on properly securing a public web server? I've seen a few tutorials but mostly focused on Windows Server 2003.
What I've done so far:
- Created a specific user account for the website / app pool,
- Renamed Admin account,
- Installed FTPS,
- Configured firewall to block any non-public service (web / https),
- Configured firewall to allow access to management interfaces only from specific IP addresses (rdp, IIS management, ftp)
Maybe a few other things but can't remember at the moment...
ICMP is allowed... Should I disable all except ping?
Port scan reveals only web and https ports.
Any other suggestions?
Thanks
© Server Fault or respective owner
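
The firewall layout listed in the post (public web ports open to everyone, management ports open only to named addresses, ICMP limited to ping), written out as `netsh advfirewall` commands for Windows Server 2008 R2. This is an added example, not part of the original post. The admin addresses (documentation range 203.0.113.0/24), the rule names, the management port numbers and the FTPS passive range are assumptions to replace with your own values.

```bat
@echo off
rem Added example. All addresses, rule names and port choices are assumptions.
setlocal

rem Placeholder admin source addresses (comma-separated, no spaces).
set "MGMT_IPS=203.0.113.10,203.0.113.11"
rem Assumed FTPS passive data range; must match the range set in IIS FTP Firewall Support.
set "FTP_PASV=50000-50100"

rem Firewall on for every profile; inbound dropped unless a rule allows it.
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

rem Public services: reachable from any source.
netsh advfirewall firewall add rule name="Public-HTTP" dir=in action=allow protocol=TCP localport=80
netsh advfirewall firewall add rule name="Public-HTTPS" dir=in action=allow protocol=TCP localport=443

rem Management interfaces: reachable only from the admin addresses.
rem 3389 = RDP, 8172 = IIS Management Service default, 21 = FTP/FTPS control.
netsh advfirewall firewall add rule name="Mgmt-RDP" dir=in action=allow protocol=TCP localport=3389 remoteip=%MGMT_IPS%
netsh advfirewall firewall add rule name="Mgmt-IIS" dir=in action=allow protocol=TCP localport=8172 remoteip=%MGMT_IPS%
netsh advfirewall firewall add rule name="Mgmt-FTPS-Control" dir=in action=allow protocol=TCP localport=21 remoteip=%MGMT_IPS%
netsh advfirewall firewall add rule name="Mgmt-FTPS-Passive" dir=in action=allow protocol=TCP localport=%FTP_PASV% remoteip=%MGMT_IPS%

rem The built-in Remote Desktop rules allow any source. Disable them only
rem after the scoped rule above exists, so an RDP session is not cut off.
netsh advfirewall firewall set rule group="Remote Desktop" new enable=no

rem ICMP: allow inbound echo request (type 8) only; other types fall to the default block.
netsh advfirewall firewall add rule name="ICMPv4-Echo-Request" dir=in action=allow protocol=icmpv4:8,any

rem Review every inbound rule and look for unscoped allows on management ports.
netsh advfirewall firewall show rule name=all dir=in

endlocal
```

Allow rules are additive: a pre-existing enabled rule for the same port with no `remoteip` restriction (for example one created when a role or feature was installed) still admits any source, so disable or scope each one that the final `show rule` listing reveals. Run the script from an elevated prompt, and confirm the result with a port scan from an address outside the admin list.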