Idan, I've been in the same spot you're in now, so my suggestion is to buy/borrow a copy of "Securing Windows NT/2000 Servers for the Internet" by O'Reilly (get it from bookpool.com... the cheapest way to go). It has some really good info on securing a Windows host for the Internet (setting registry parameters to prevent SYN flood issues, etc.). For a more step-by-step approach, go to sans.org's bookstore. They also have a step-by-step booklet on securing Windows hosts.
Since you're wanting to use the host for several tasks (web, e-mail, etc.), make sure you apply all patches for the O/S and apps (I know that's a no-brainer, but it's the easiest way in, outside of a modem). For remote access, try using cygnus from Red Hat; this will allow you to SSH to/from the host, but once you've got it set up, remove all users' access via SSH except one admin account, as well as remove the cygnus features that could facilitate remote root access (glibc, etc.). For logging, the Windows solution isn't the greatest, so you might want to set up a Windows version of syslog and log that info to a different host. Also, you should get a copy of ZoneAlarm or Tiny Personal Firewall (TPF) for the host. For the best configurability, I prefer TPF, but it takes a little time to fine-tune the TPF rules, and it loads early during a host reboot (ZA loads late from what I can tell). ZoneAlarm is good if you're in a hurry but want decent security.

Anyway, I hope this helps.

Cheers,
Greg

TGW wrote:
>Hello all.
>I am a Programmer/Administrator, and I need help with 1 server of mine. Just ideas, not money. :-)
>Well, this guy I work for has a win2k server at an ISP server farm, connected to the internet, with an ext IP (192.XXX.XXX.XXX). Since he is cheap, he won't authorize me to buy (almost) any software.
>Of course the win2k server is licensed, but he won't pay for anything else, so we are in the freeware market - I won't go pirate.
>
>My questions:
>This server should be a web (IIS based) server, mail server, and optionally FTP server. I know it's quite a lot, even for a Dual PIII700, but that's the budget.
>1) I reckon I need a software firewall. Any ideas?
>2) As a mail server I am using Mercury/32 from Pegasus. Cons?
>3) I need a remote control program. pcAnywhere 10.5? (I know it'll cost me, but I think I can make him buy this one too.)
>4) Is there any more security software I should use?
>
>Please don't answer with "You need a DMZ with 3 servers, a honeypot, a log server"...
>I know all that. I've been a Linux Admin for about a year, and built it from scratch.
>It's the Windows security I feel puzzled about.
>
>So, please, contribute all your 2 cents. :-)
>TIA.
>
>Idan.
>
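Greg's logging advice above (a Windows version of syslog, shipping the records to a different host) comes down to turning Windows event records into RFC 3164 syslog packets and sending them off-box. The following is an added example for this thread, not code from Greg, Idan, or any product named in it. It is Python 3, assumes a syslog collector listening on UDP port 514 at 192.0.2.10 (a documentation address), and feeds constructed event records in the shape a Win32 event-log reader would return instead of reading the real event log; the event-log source names and IDs in the samples are illustrative (529 is the Win2k logon-failure audit; the Mercury record is invented).

```python
"""Forward Windows event records to a remote syslog collector (RFC 3164 format).

Added example for this thread, not code from the post or from any product it names.
Assumes a collector on UDP 192.0.2.10:514 and uses constructed event records; a
real forwarder would pull records from the Win32 event-log API instead.
"""
import socket
import time

# Syslog facilities and severities (RFC 3164 section 4.1.1).
LOG_AUTH = 4
LOG_LOCAL0 = 16
SEV_ERR = 3
SEV_WARNING = 4
SEV_NOTICE = 5
SEV_INFO = 6

# Windows event types (EVENTLOG_*_TYPE constants) mapped to syslog severity.
EVENT_TYPE_TO_SEVERITY = {
    1: SEV_ERR,       # EVENTLOG_ERROR_TYPE
    2: SEV_WARNING,   # EVENTLOG_WARNING_TYPE
    4: SEV_INFO,      # EVENTLOG_INFORMATION_TYPE
    8: SEV_NOTICE,    # EVENTLOG_AUDIT_SUCCESS
    16: SEV_WARNING,  # EVENTLOG_AUDIT_FAILURE
}

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")

MAX_PACKET = 1024  # RFC 3164 caps a syslog packet at 1024 bytes


def pri(facility, severity):
    """Compute the <PRI> value: facility * 8 + severity."""
    return facility * 8 + severity


def facility_for(log_name):
    """Send the Security log to the auth facility, everything else to local0."""
    return LOG_AUTH if log_name == "Security" else LOG_LOCAL0


def parse_when(text):
    """Turn an event's generation time ('YYYY-mm-dd HH:MM:SS') into a struct_time."""
    return time.strptime(text, "%Y-%m-%d %H:%M:%S")


def rfc3164_timestamp(when):
    """'Mmm dd hh:mm:ss' with the day padded with a space, as RFC 3164 requires."""
    return "%s %2d %02d:%02d:%02d" % (
        MONTHS[when.tm_mon - 1], when.tm_mday, when.tm_hour, when.tm_min, when.tm_sec)


def sanitize(text):
    """Replace CR, LF and other control characters with spaces.

    Event messages carry attacker-influenced strings (user names, URLs).
    Without this, a CR/LF inside such a string could make the collector
    write a fabricated second log line.
    """
    return "".join(c if 0x20 <= ord(c) < 0x7F else " " for c in text)


def format_message(record, hostname, when=None):
    """Build one RFC 3164 packet: <PRI>TIMESTAMP HOSTNAME TAG: MSG."""
    when = when or time.localtime()
    severity = EVENT_TYPE_TO_SEVERITY.get(record["type"], SEV_NOTICE)
    facility = facility_for(record["log"])
    # The event ID takes the slot where a Unix daemon would put its PID.
    tag = "%s[%d]" % (record["source"], record["event_id"])
    line = "<%d>%s %s %s: %s" % (
        pri(facility, severity), rfc3164_timestamp(when), hostname, tag,
        sanitize(record["message"]))
    return line.encode("ascii", "replace")[:MAX_PACKET]


def send(packets, collector=("192.0.2.10", 514)):
    """Ship packets over UDP; returns the number sent."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for packet in packets:
            sock.sendto(packet, collector)
    finally:
        sock.close()
    return len(packets)


# Constructed sample records. Event 529 is Win2k's logon-failure audit; the
# Mercury record is invented for illustration.
SAMPLE_EVENTS = [
    {"log": "Security", "source": "Security", "event_id": 529, "type": 16,
     "message": "Logon Failure:\r\n\tReason: Unknown user name or bad password"
                "\r\n\tUser Name: bob"},
    {"log": "Application", "source": "Mercury", "event_id": 1, "type": 4,
     "message": "Mail server started."},
]

if __name__ == "__main__":
    packets = [format_message(rec, "web01") for rec in SAMPLE_EVENTS]
    for packet in packets:
        print(packet.decode("ascii"))
    # send(packets)  # uncomment once a collector is listening
```

Two things a practitioner should keep in mind when running something like this: classic UDP syslog is unauthenticated and unencrypted, so the collector should accept packets only from the web host's address and the forwarder should use a management interface where one exists; and the collector's own file is the record you will trust during an incident, which is why control characters are stripped before the packet leaves the box.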