Problem solve Get help with specific problems with your technologies, process and projects.

Disabling services to secure your Web and database servers

SearchWindowsSecurity.com expert Jonathan Hassell provides tips on locking down your Web and database servers.

What services should I turn off/disable on my Web server and database server? My Web server is a Windows 2000 Server running IIS and ColdFusion, I connect to it frequently via FTP to upload and download files and Terminal Server for remote administration. My DB server is also a Windows 2000 Server with MS SQL Server and Access databases and connects to my Web server via an internal network link and has no public outside access with the exception of FTP and Terminal Server access for me. Your recommendations are greatly appreciated.
Step one is to immediately upgrade to Windows Server 2003 on your public-facing web server. IIS on Windows 2000 Server (i.e., IIS version 5) is as secure as swiss cheese and you will be hacked sooner or later if you haven't already been. Once you've upgraded to Windows Server 2003, check out one of my SearchWindowsSecurity.com tips on locking down services on WS2003 machines.

Do you have comments on this Ask the Expert Q&A? Let us know.

Dig Deeper on Web browsers and applications

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.