How to protect a File Server (Windows Server 2003) from external attacks

Posted on 2010-04-10
Medium Priority
Last Modified: 2012-06-22
We are planning to rent a remote dedicated server (Win2k3) outside our office because we need more bandwidth. It will be used as a file server to store PDF files.

This server will not be in any Active Directory or Internet domain. PDF files will be accessible through web browser to everybody interested to read them. To open them, users will use a web application hosted in a different IIS Web Server. Web application will open the PDF file that is stored in remote Win2K3 server.

What basic considerations should I implement to protect this server from attacks and how to protect my PDF files to not be changed or deleted by hackers?

I am aware of basic implementations:
- Disable the main admin account and create a new admin account with a random name.
- Some guys don't recommend software firewall on a Win2k3 box as it will create problems on server.
- Instead, put a router or hardware firewall in front of the Windows Server for handling Internet traffic.

Since my Win2K3 will be a remote dedicated server, I suppose that the hosting company should assure me that they put some firewall in front of my server. Are they responsible for this security level?

And for my PDF files, what should I do? It will be fair enough to check them as Read-Only?
Question by:miyahira

Accepted Solution

Rem-8 earned 1600 total points
ID: 30319989
1. Change standard Admin account to any other name
2. Turn off guest account
3. Put a firewall in front which will pass only RPC, SMB and maybe RDP protocols (if you'd like to connect to it via RDP)
4. If you want strong security, think of certificate authentication (make a certificate with some Root CA as your trusted signer, then create certificates for all servers signed with that trusted cert and apply them to client computers and your file server)

Also you can consider VPN with RRAS component on your file server and create vpn connections on client computers.
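
A way to check item 3 of the answer above from outside the hosting network, as an added example that is not part of any poster's reply: it attempts TCP connections to your own server and reports any open port that is not on the RPC/SMB/RDP allow-list. The extra ports probed are a constructed sample, and the function names are this example's own.

```python
import socket
import sys

# Ports the accepted answer lets through the front firewall.
ALLOWED = {135: "RPC endpoint mapper", 445: "SMB", 3389: "RDP"}

# Constructed sample of other TCP services often left listening on a
# Windows server; extend it to match what is installed on yours.
PROBE_EXTRA = {21: "FTP", 23: "Telnet", 25: "SMTP", 80: "HTTP",
               139: "NetBIOS session", 1433: "SQL Server", 5900: "VNC"}


def is_open(host, port, timeout=1.0):
    """True if a full TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False


def audit(host, allowed=ALLOWED, extra=PROBE_EXTRA, timeout=1.0):
    """Return (unexpected_open, allowed_open) as sorted port lists."""
    unexpected, permitted = [], []
    for port in sorted(set(allowed) | set(extra)):
        if is_open(host, port, timeout):
            (permitted if port in allowed else unexpected).append(port)
    return unexpected, permitted


if __name__ == "__main__":
    # Run from a machine outside the hosting network, against your own server.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    names = {**PROBE_EXTRA, **ALLOWED}
    unexpected, permitted = audit(target)
    for p in permitted:
        print(f"allowed    {p:>5}  {names[p]}")
    for p in unexpected:
        print(f"UNEXPECTED {p:>5}  {names[p]}")
    sys.exit(1 if unexpected else 0)
```

A non-zero exit status means the firewall in front of the server passes something beyond the allow-list; this covers TCP only.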

Assisted Solution

Steve earned 400 total points
ID: 30325842
Also consider renting a hosted server as the security for the most part would be in place as far as firewalls etc go - the changes from Rem-8 would still apply.....

Author Comment

ID: 30327215
Hi sgsm81, do you mean to rent an additional hosted server which will be used for security? So, I would rent two servers.

That security server will have firewall software installed or firewall will be hardware?

Expert Comment

ID: 30328507
Have a look at rackspace.com for an idea

You could rent one server in total and use their infrastructure and security which you would get regardless..........

