On the new website we are bringing up, the CF Administrator is available if you 
go to our new domain name and type in the CFIDE directory in the URL.  

If I follow the recommendations from Peter at the link below -- would that be 
all we need to do on a Windows 2008 server?

http://www.petefreitag.com/item/774.cfm

-----Original Message-----
From: Alan Rother [mailto:[email protected]] 
Sent: Thursday, June 30, 2011 10:48 AM
To: cf-talk
Subject: Re: Win 2008 32/CF 9 hardening after the fact


One important thing is to make sure it's locked down behind a proper
firewall of course.

That will go a long way towards making it secure. Only open ports like 80
and 443

Of course that's just one important step.

Oh, also make sure that the CF Admin is not publicly available

=]

On Thu, Jun 30, 2011 at 8:43 AM, Dawn Sekel
<[email protected]> wrote:

>
> It is a dedicated web server -- no other services or applications.  It has
> no other services running on it except DSN connections in ColdFusion
> Administrator to our various SQL server boxes and a connection to our
> Microsoft Exchange server for handling email in CF Admin.  It is a Public
> site that will receive approximately 3 million hits and about 200,000 unique
> visitors a year according to our statistics from last year.
>
> -----Original Message-----
> From: Dave Watts [mailto:[email protected]]
> Sent: Thursday, June 30, 2011 10:32 AM
> To: cf-talk
> Subject: Re: Win 2008 32/CF 9 hardening after the fact
>
>
> > Is it possible to go back after the fact and harden a server into a
> > production machine?  Or do we need to start from scratch.
>
> Yes, it's possible to do this. But the big questions depend on how
> exactly you plan to use this machine in production. Public web server?
> Will it participate in a larger Windows network? Does it run other
> services?
>
> > We have a Windows 2008 32 bit server (clean install/patches applied)
> > installed with CF9 out of the box in the C:\Inetpub default directory.
> > We need to quickly move the machine into a production environment.  We
> > already have the domain name pointed to that machine and accessible
> > through a URL and we have purchased a security certificate for the URL.
> > I would be happy to send the site address via individual email.
> >
> > Unfortunately, no one in our organization is very familiar with 2008, and
> > our network administrator skills are limited.
> >
> > We came across
> >
> > http://www.adobe.com/products/coldfusion/whitepapers/pdf/91025512_cf9_lockdownguide_wp_ue.pdf
> >
> > and tried to follow these instructions -- but kept hitting errors and
> > roadblocks.  So most of these steps were not done.
> > I have created a new site location on a different drive and added it in
> > the ETC hosts file (127.0.0.1) for the primary application - but do not
> > know what is needed next.
> >
> > Any tips, tricks dumbed down to a non-network administrator would be
> > gratefully appreciated.
>
> Well, this is kind of hard, actually. You can't really dumb it down to
> a set of tips and tricks. That isn't how a coherent deployment is
> done.
>
> I'd recommend that you either (a) hire a consultant to help you with
> this process, or (b) try to implement the steps one-by-one and raise
> individual questions here for each step that doesn't work. And, one
> thing that's important - the lockdown guide, while it's very good,
> doesn't really cover OS security. So, you need to do that properly
> first if possible.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> http://training.figleaf.com/
>
> Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
> GSA Schedule, and provides the highest caliber vendor-authorized
> instruction at our training centers, online, or on
>
>
>
> 



Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:345974