Windows 2000 Web server security question

y2kc

I'm in the process of planning and designing a website for my small business. I have some experience with web-design and since the site will be strictly informational it won't be too complex (10 pages deep max). I'm sure I won't have too much trouble in that regard. Here's my question: How unsecure is W2K as a web server? I know that Linux/Apache is one of the most secure platforms to run a web site from, but honestly, when it comes to 'nix, I have no clue and (after doing some research) I really do not have time to figure it out.

As my plans do not include any type of web-based commerce and will not utilize a database (strictly advertisement) I'm not concerned about any type of data theft. I just don't want to be hacked, spoofed or used to distribute trojans. I did get a "coming soon" page up and running using IIS 5 with no experience so I'm assuming that if it's this easy to get out it can't be too hard to break in.

Any advice would be appreciated.
 

netsysadmin

I run IIS 5.0 at my job and it is fine...you just need to make sure that you set it up properly...I would suggest that you use the IIS Lockdown Wizard to further secure your setup...the link for it is below

IIS Lockdown Wizard

Oh and one more thing....make sure this web server is not on a mission critical box...such as a Domain Controller or File Server....always isolate your web servers!
 

Workin'

IIS can be just as secure as anything else out there.

Just make sure to run hfnetchk.exe from Microsoft to be sure all your patches and hotfixes are current BEFORE you connect the server to the internet! Then run the IIS lockdown tool. You can do that before connecting to the internet, too.

If you connect an unpatched IIS server to the internet you can be infected with the Nimda or Code Red virii within hours - and you would never know the difference until you start finding *.eml files all over your server, or someone contacts your ISP to complain about you.
 

y2kc

Thanks all for your advice. Nick, I responded to your post in the OS Forum...thanks again.
 

groovin

netsysadmin is right, isolate those suckers, compartmentalize your network intelligently.
 

y2kc

"netsysadmin is right, isolate those suckers, compartmentalize your network intelligently"

Thanks for the followup...hey how about a sys/network admin FAQ here in the Networking forum...it'd be a great learning tool for us networking wannabes. Stuff like "securing your servers" "bricking exchange boxes" etc. C'mon admins...help us learn, take us under your wings, throw us a bone...you get the picture. A new thread on the topic would be awesome.
 

netsysadmin

Hey I threw my bone out already:)...to be honest if I tried to answer every question here I would never get any work done...I think part of learning is finding the info for yourself...I hate people that post here wanting us admins to tell them word for word what to do...I hate that so much!!!!...I don't mind guiding someone a little once in a while but not all the time...how do you think most of us admins here learned what we know...I personally learned by teaching myself...I surf the net...read books...attend seminars...test stuff in my test lab...etc...everyday I'm still learning new stuff...that's just part of the process....we gave you a direction to go in...even some links to look at...now it's your job to teach yourself the rest like we do...by the way I didn't mean to pick on you y2kc directly...you had a good question and got some good responses...I'm just ranting about some of the other people on the board:)