Securing Windows 2003 web server

I have a Windows 2003 server and I am about to host a website on that server. This is a dedicated server and I would like to make sure I am safe and secured. What are the main things I should concentrate on?
Like:
1) Firewall
2) Antivirus
3) Web application security tester etc. (I'd like to know how this works)

Please provide me with links to good products, free or paid.

I really welcome any expert advice on this.
str_kani Asked:
 
TheCleaner Commented:
Yes...

You can use Nmap found here:  http://www.insecure.org/

I also recommend Qualys' site:  http://www.qualys.com/

Click on Free Tools on the right and you'll get to scan for the Top 20 SANS, etc.  You'll need to use a legitimate email address though, since the scan URL is sent to you.
 
TheCleaner Commented:
With Windows 2003, I would load SP1, get the server where you want it (IIS installed, website installed, etc.), then run the SCW (Security Configuration Wizard), which you'll have to install from Add/Remove Programs, Windows Components.

This will "lock down" the server to only the essentials that you specify during the wizard (be careful and know what you are picking).  This greatly minimizes the "footprint" of the server and any exploits that could happen.

Firewall - only publish the ports necessary for your website to function

Antivirus - a simple on-access scanner should be sufficient

Web Application tester - Imperva is the leader in this one: www.imperva.com


My advice is to also post here the "technologies" your website will use, like ASP, Java, Flash, SQL database backend, PHP, etc. and then experts can tell you other things to look for on those technologies.
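An added example, not part of the thread or written by any of its participants: one way to check the "only publish the ports necessary" advice after running the SCW is to compare what the server is actually listening on with an allowlist. The `netstat -an` output below is constructed, and the allowlist of TCP 80 and 443 and the function names are assumptions.

```python
import re

# Constructed sample of `netstat -an` output from a Windows server (not from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:51234     ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Assumption: the website only needs HTTP and HTTPS reachable from outside.
ALLOWED_PUBLIC_TCP = {80, 443}

# Matches "TCP <local addr>:<port> <foreign addr> LISTENING"; also handles "[::]:80".
LISTEN_LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def listening_tcp(netstat_text):
    """Return sorted (local address, port) pairs for TCP sockets in LISTENING state."""
    found = set()
    for line in netstat_text.splitlines():
        match = LISTEN_LINE.match(line)
        if match:
            found.add((match.group(1), int(match.group(2))))
    return sorted(found)


def unexpected_listeners(netstat_text, allowed=ALLOWED_PUBLIC_TCP):
    """Ports listening on a non-loopback address that are not in the allowlist."""
    return sorted({
        port
        for addr, port in listening_tcp(netstat_text)
        # Loopback-only listeners are not reachable from the network.
        if not addr.startswith("127.") and addr != "[::1]" and port not in allowed
    })


if __name__ == "__main__":
    for port in unexpected_listeners(SAMPLE_NETSTAT):
        print(f"TCP {port} is listening but not allowlisted: "
              "block it at the firewall or disable the service")
```

Each port it reports is a candidate for a firewall block rule or for disabling the owning service.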
 
str_kani (Author) Commented:
Thanks cleaner! :) Can you please direct me to an on-access scanner page? (a URL)

My site uses PHP, MySQL and Flash.
 
TheCleaner Commented:
http://validator.w3.org/ - that will validate your code to standards

http://www.acunetix.com/ - web app vulnerability tester  (most of these aren't free anymore anywhere)

PHP - http://seclists.org/lists/fulldisclosure/2005/Jan/0552.html

MySQL - http://www.appsecinc.com/products/appdetective/mysql/  (also the Acunetix one above will scan for SQL injection vulnerabilities etc)
 
str_kani (Author) Commented:
Are there any simple and still free security scanners?