I'm new to the web servers and have a question regarding NTFS security on the C drive on my server (win2k). The server is purely a webserver, so anonymous connections from the Internet require read access etc No other access for anyone else on our network etc is required.
Basically my C drive NTFS settings which contain our website under the c:\inetpub, are not using the default permissions. The everyone group is the only user\group that has access, modify but not full control.
C:\inetpub - locked down to my account & domain admins
C:\intetpub\wwwroot - servername\administrators & "System" account have FULL control, Everyone - Read, List, Read & execute
C:\inetpub\wwwroot\websitename - Including website sub directories & files etc
servername\administrators & "System" account have FULL control, Everyone - Read, List, Read & execute
I'm basically looking to prevent the website from being hacked & de-faced. Does anyone have any recommendations to tighten my security further or improve it ?