How to protect a File Server (Windows Server 2003) from external attacks

We are planning to rent a remote dedicated server (Win2k3) outside our office because we need more bandwith. It will be used as a file server to store PDF files.

This server will not be in any Active Directory or Internet domain. PDF files will be accessible through web browser to everybody interested to read them. To open them, users will use a web application hosted in a different IIS Web Server. Web application will open the PDF file that is stored in remote Win2K3 server.

What basic considerations should I implement to protect this server from attacks and how to protect my PDF files to not be changed or deleted by hackers.

I am aware of basic implementations:
- Disable the main admin account and create a new admin account with a random name.
- Some guys don't recommend software firewall on a Win2k3 box  as it will create problems on server
- Instead, put a router or hardware firewall in front of the Windows Server for handling Internet traffic

Since my Win2K3 will be a remote dedicated server, I suppose that the hosting company should assure me that they put some firewall in front of my server. Are they responsible for this security level?

And for my PDF files, what should I do? It will be fair enough to check them as Read-Only?
LVL 1
miyahiraAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rem-8Commented:
1. Change standard Admin account to any other name
2. Turn off guest account
3. Put a firewall in front which will pass only RPC, SMB and maybe RDP protocols (it you'd like to connect to it via RPD)
4. If you want strong security, think of certificate authentication (make a certificate with some Root CA as your trusted signer, then create certificates for all servers signed with that trusted cert and apply them to client computers and your file server

Also you can consider VPN with RRAS component on your file server and create vpn connections on client computers.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SteveIT ManagerCommented:
Also consider renting a hosted server as the security for the most part would be in place as far as firewalls etc go - the changes from Rem-8 would still apply.....
0
miyahiraAuthor Commented:
Hi sgsm81, do you mean to rent an additional hosted server which will be used for security? So, I would rent two servers.

That security server will have firewall software installed or firewall will be hardware?
0
SteveIT ManagerCommented:
Have a look at rackspace.com for an idea

You could rent one server in total and use their infrastructure and security which you would get regardless..........

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.