Lost in .NET Code

Developing software in .NET, Security and other ramblings.

HostingUK dedicated box tips

Friday, May 30, 2008



Been meaning to post this for a while.

These are some of the tips I give to customers when they start with a
HostingUK dedicated box.


Disclaimer.

I am not a Windows expert by any means. PLEASE MAKE SURE YOU REVIEW
EVERYTHING.


Shut down All Services not needed

Shut down every service unless you are using it.

These are the standard services that I shut down on a HostingUK box.

IIS:

SharePoint Services

Report Server

Default Website

Administration Server (No Web Admin on)

Get a static IP Address to admin the box

Get a static IP address so that you can admin the box from only a selected set of addresses.

Confirm the Firewall rules to the ISP

The most you will normally need is:

WWW 80 / 443

FTP

HostingUK will have opened a standard list.

Download and install Microsoft Baseline Security

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Run it and follow it.

Windows Update

Set up a patch schedule and make sure you auto update regularly.

Uninstall un-needed software

If you don’t need it on the box, delete it ASAP.

Change the Administrator Password

Change the administrator password. Make sure it is a considerably strong
password.

Use http://www.pctools.com/guides/password/ and generate one with a reasonable length of maybe 12 chars.

Switch on Logging

Switch on logging for both SQL Server and Windows, and give yourself full logging on IIS.

http://www.visualwin.com/Log-in/logging-failed-logins.html

Sql Server

Read the following:

http://download.microsoft.com/download/8/5/e/85eea4fa-b3bb-4426-97d0-7f7151b2011c/SQL2005SecBestPract.doc

Take offline used Websites

SQL Server 2005

Take Offline the following :

AdventureWorks
AdventureWorksDW
ReportServer
ReportServerTempDB

Rename your sa account on SQL Server and disable it.

The command used is:

ALTER LOGIN sa DISABLE;

ALTER LOGIN sa WITH NAME = [saNewAccountName];

Switch off TCP/IP access for SQL Server

SQL Server TCP/IP is switched off at the moment for security reasons. There is no point having it on until we need it. It is on shared memory.

Admin your SQL Server directly on the box

This means you don’t need to have a TCP/IP connection open.
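
A quick way to confirm the SQL Server steps above took effect, as an added example that is not part of the original post. It assumes the SQL Server 2005 catalog views and a login with VIEW SERVER STATE permission, run locally on the box.

```sql
-- Added example: verification queries for the SQL Server hardening steps.

-- 1. The built-in sa login keeps SID 0x01 whatever it has been renamed to.
--    Expect one row whose name is no longer 'sa' and is_disabled = 1.
SELECT name,
       is_disabled,
       CASE WHEN name <> 'sa' AND is_disabled = 1
            THEN 'OK' ELSE 'REVIEW' END AS status
FROM sys.server_principals
WHERE sid = 0x01;

-- 2. The sample and reporting databases should be OFFLINE.
--    A database that is not listed at all has been dropped, which is also fine.
SELECT name,
       state_desc,
       CASE WHEN state_desc = 'OFFLINE'
            THEN 'OK' ELSE 'REVIEW' END AS status
FROM sys.databases
WHERE name IN ('AdventureWorks', 'AdventureWorksDW',
               'ReportServer', 'ReportServerTempDB');

-- 3. With TCP/IP switched off, every connection should use shared memory.
--    'Session' rows are logical MARS sessions on an existing connection,
--    so they are excluded. Any row returned here needs a look.
SELECT session_id,
       net_transport,
       client_net_address,
       connect_time
FROM sys.dm_exec_connections
WHERE net_transport NOT IN ('Shared memory', 'Session');
```

An empty result from the third query, with the first two showing OK on every row, matches the configuration described above.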

These are just some general rules I follow when just starting with a box. Hopefully it will be a good point for anyone taking over a dedicated box from HostingUK.
