Webserver Security (NTFS)


I'm new to web servers and have a question regarding NTFS security on the C drive on my server (win2k). The server is purely a webserver, so anonymous connections from the Internet require read access etc. No other access for anyone else on our network etc. is required.

Basically, my C drive NTFS settings, which contain our website under c:\inetpub, are not using the default permissions. The Everyone group is the only user\group that has access: modify but not full control.

C:\inetpub - locked down to my account & domain admins

C:\inetpub\wwwroot - servername\administrators & "System" account have FULL control, Everyone - Read, List, Read & execute

C:\inetpub\wwwroot\websitename - Including website sub directories & files etc

servername\administrators & "System" account have FULL control, Everyone - Read, List, Read & execute

I'm basically looking to prevent the website from being hacked & defaced. Does anyone have any recommendations to tighten my security further or improve it?

In IIS, make sure your site is set up for READ, not for WRITE. Also make sure you have the latest MS patches on the box. You may want to consider running the IIS Lockdown Tool that MS provides. It will harden your IIS installation.

stevendunne (Author) commented:
Only ports 80 & 21 are open on my firewall to the server. I've also got intrusion prevention on my firewall to help protect me against malicious attacks over ports 80 & 21 etc. My OS, which is 2000, is fully patched; I've run MBSA and no critical patches for the OS or IIS are missing. My default website (home directory) is set up to read and not write in IIS.

Other than this, I'm not fully 100% sure about the actual NTFS permissions on my C drive. If I've done all the above, can I be hacked with poor NTFS permissions? If so, looking at the config I posted earlier, what improvements can I make?

I believe you are good to go.
Zaheer Iqbal (Technical Assurance & Implementation) commented:
That should be fine then.
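
As an added example (not part of the thread and not written by any of the posters): a Python check over `cacls` output that flags ACEs letting Everyone or the anonymous IIS account write under the web root, the NTFS-side counterpart of the READ-not-WRITE setting discussed above. The listing, the `uploads` folder and the machine name `WEB01` are constructed; only simple rights letters are parsed, not `(special access:)` entries.

```python
import re

# cacls simple rights: N=None, R=Read, W=Write, C=Change (modify), F=Full control.
WRITE_RIGHTS = {"W", "C", "F"}
# Principals an anonymous visitor runs as. IUSR_<machine> is the IIS 5 default
# anonymous account; adjust if the site uses a different one (assumption).
ANON = re.compile(r"^(?:.*\\)?(Everyone|IUSR_[\w-]+)$", re.IGNORECASE)
# One ACE: principal, optional inheritance flags such as (OI)(CI)(IO), one right.
ACE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([A-Z]{2}\))*)(?P<right>[NRWCF])\s*$")

# Constructed sample in cacls layout; "uploads" and "WEB01" are hypothetical.
SAMPLE = r"""
C:\Inetpub\wwwroot BUILTIN\Administrators:(OI)(CI)F
                   NT AUTHORITY\SYSTEM:(OI)(CI)F
                   Everyone:(OI)(CI)R
C:\Inetpub\wwwroot\websitename\uploads BUILTIN\Administrators:(OI)(CI)F
                                       Everyone:(OI)(CI)C
                                       WEB01\IUSR_WEB01:(OI)(CI)W
"""


def writable_by_anonymous(listing):
    """Return (path, principal, right) for each ACE that lets Everyone or
    the anonymous IIS account write, change or fully control a path."""
    blocks = []  # one [first_line, continuation, ...] list per path
    for line in listing.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and blocks:
            blocks[-1].append(line)
        else:
            blocks.append([line])
    findings = []
    for block in blocks:
        first = block[0]
        if len(block) > 1:
            # Continuation lines are indented to the column where ACEs start.
            col = len(block[1]) - len(block[1].lstrip())
        else:
            # Single ACE: assume the principal has no spaces (e.g. Everyone).
            col = first.rstrip().rfind(" ") + 1
        path = first[:col].rstrip()
        for text in [first[col:]] + block[1:]:
            m = ACE.match(text.strip())
            if not m:
                continue  # e.g. "(special access:)" detail lines, not handled
            a = ANON.match(m["who"].strip())
            if a and m["right"] in WRITE_RIGHTS:
                findings.append((path, a.group(1), m["right"]))
    return findings
```

Feed it the saved output of `cacls C:\inetpub\wwwroot /T`; an empty result means no simple ACE under the web root gives anonymous visitors more than read access.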