I'm a programmer, not a sys admin. My question is about securing web servers.
We have two asp.net applications that display and let download a same group of MS-Word or PDF documents.
We have decided to store those documents not in a database but in filesystem. Also we have decided to put each asp.net in different servers (Windows Server 2003 with IIS6.0). The documents will be stored in a folder of a third server. Please see picture attached. Those three servers will be inside a DMZ.
In that case, those documents should be able to be browsed by http. As they are public, we are not worry about keeping them under secret, but we are worry about a possible server hacking and modifying contents.
What would be a good way to secure that file server of documents?
Would be better to migrate to Windows Server 2008?