Course of action & Steps to Securing Windows server for hosting environment
Here, we will take Windows server 2008 OS in hosting environment and road map.
In Windows Hosting environment almost all service such as DB server for MSSQL, MySQL, Webserver, MailServer and bit more are severed by Single server.
Dont install/enable any other service that server is not going to perform.
Disable Administrator Account and create delegated Administrator account, this is most important when it comes to hosting environment.
Enable password policy, it very Important. [More granular options are available for this policy, use them if you can]. Use this policy and make sure that you inform your client about this policy and things you have implemented on your hosting server
Enable and configure Firewall. Make sure that you allow access to specific IP's for server administrator console.
http://www.pcndneurology.com/tutorial.php Use SSL access to hosting control panel.
Change Default port with SSL for RDP.
Disable DNS recursion, else your server can be used to resolve even if domain is not hosted on server.
http://www.istvanhrichak.com/example.php Install Antivirus on server and scan server at midnight OR weekends as per hosting environment allows without hampering any service.
Always installed recommended security patches/ updates that Microsoft releases. [Usually install them on weekends as it might need server reboot]
Always set Mailserver policy and limit sending emails per hosted domain per hour.
Always have rDNS record set to fully qualified server name. This is necessary else most of mails send through hosting domain will be rejected by recipient server.
Enable SPF records OR Domain Keys.
Disable Relay in Mailserver and set policy that only authenticated hosted domain users can only send emails.
Always have Mail logs enable, this will allow to monitor / logs if any send /received emails http://spokenwordbysteph.com/dump.php are not received / sent.
Enable blacklist check on mailserver, this allows to block most of spam received by hosted server server
Always try to manage hosting account from control panel rather than managing them from RDP terminal.
Disable random ports for FTP and customize them and make sure that you inform clients to configure them on their FTP client.
Disable MSSQL remote connection if possible. Usually it not done on shared hosting as it restricts user to connect from remote location. Disable FULL text catalog to increase server performance.
Disable indexing service it goes resource hungry as shared hosting server has large data.
Install Dynamic IP restriction for web-server on server and configure it as your Secure Windows Server hosting environment allows.
Most important, take care that making server secure should not hamper the hosting service it going to serve.
UK's premier Windows Web Hosting Company ?UK Hosting Hub to Secure Windows Server. Get low cost yet reliable webhosting services that suite you're small size, mid-size & larger organization.
- http://www.3rf.org/forums/profile/msacyjko
- http://halfdate.com/forums/profile.php?id=92443
- http://shumi.ro/displayimage-322.html&page=2664
- http://halfdate.com/forums/profile.php?id=150010
- http://www.zhaopian.wuweisheng.com/displayimage.php?pid=97&page=258/displayimage.php?pid=97&message_id=a72baa4d84738a8005a882f9cb0a88de&message_icon=info#cpgMessageBlock