How to secure web server?

810 pts.
Tags:
Security
Windows Server 2008
Is blocking of unused open inbound / outbound ports in windows server 2008 is sufficient for security?

Answer Wiki

Thanks. We'll let you know when a new response is added.

Disabling non-essential applications and filtering unused or unnecessary ports is definitely a step in the right direction. But as any good penetration tester will tell you, you have to be running a secured application that is properly configured. Try doing a search for web server penetration testing. Attackers will take what they do know about the system and the exposed services and attempt to break in using the weaknesses presented there. A better security approach might be to have application firewall and intrusion detection/prevention device(s) in-line with your webserver for deeper traffic inspection. This would definitely be a good idea for e-commerce or financial services.

Be sure your system is patched and the applications are securely written. That will be the greatest security precaution you can take in addition to shutting down unneeded services and blocking unneeded ports.

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following