Lost in .NET Code

Developing software in .NET, Security and other ramblings.

HostingUK dedicated box tips

Friday, May 30, 2008



Been meaning to post this for a while.

When I pick up a HostingUK dedicated box. Some of the tips I give to customers when
they start with a dedicated box.


Disclaimer.

I am not a Windows expert by any means. PLEASE MAKE SURE YOU REVIEW
EVERYTHING.


Shut down All Services not needed

Unless you are using it shutdown all services.

These are the standard services that I shutdown on HostingUK box.

IIS :

Sharpoint Services

Report Server

Default Website

Administration Server (No Web Admin on)

Get a static IP Address to admin the box

Get a static ip address so that you can admin the box from only a selected set of addresses.

Confirm the Firewall rules to the ISP

Most you will need is normally:

WWW 80 / 443

FTP

HostingUK will have open a standard list.

Download and install Microsoft Baseline Security

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Run it and follow it.

Windows Update

Setup a Patch schedule and make sure you auto update regularly.

Uninstall un-needed software

If you don’t need it on the box delete it ASAP.

Change the Administrator Password

Change the administrator password. Make sure it is considerably strong
password.

Use http://www.pctools.com/guides/password/ and generator one with a reasonable length of maybe 12 chars.

Switch on Logging

Switching on logging for both SQL Server, Windows and give yourself full logging on IIS.

http://www.visualwin.com/Log-in/logging-failed-logins.html

Sql Server

Read The following:

http://download.microsoft.com/download/8/5/e/85eea4fa-b3bb-4426-97d0-7f7151b2011c/SQL2005SecBestPract.doc

Take offline used Websites

SQL Server 2005

Take Offline the following :

AdventureWorks
AdventureWorksDW
ReportServer
ReportServerTempDB

Rename your sa account on SQL Server and disable it.

The command used is:

ALTER LOGIN sa DISABLE;

ALTER LOGIN sa WITH NAME = [saNewAccountName];

Switch off TCP/IP access for SQL Server

SQL Server TCP/IP is at the moment for security reasons is switched off. No point having it on until we need it on. It is on shared memory.

Admin your SQL Server directly on the box

Means you don’t need to have a TCP/IP connection open.

These are just some general rules I follow when just starting with a box, hopefully it will be a good point for anyone taking over a dedicated box from HostingUK.

Labels: , ,

posted by James Knowles at 10:57 AM | 0 Comments


Subscribe in a reader


Blogs I read

Tristan Phillips
Sarah Blow (.Net Mobile)
Mike Taulty (MS DPE)
Ian Griffths (WPF)
Jack Greenfield


Useful Links

Fircroft Trust Ltd
Unwind Software Ltd


Archives

December 2006   January 2007   February 2007   March 2007   April 2007   May 2007   June 2007   October 2007   November 2007   February 2008   April 2008   May 2008   June 2008   July 2008   August 2008   October 2008   November 2008   December 2008   January 2009  


Fun and Games


 

This page is powered by Blogger. Isn't yours?