Questions? Start a Support Ticket
User Registration
Customer Login

Knowledgebase

Portal Home > Knowledgebase > Articles Database > Windows Hosting Security Checklist


Windows Hosting Security Checklist




Posted by blazenetworks, 08-25-2010, 07:03 AM
Offering windows shared hosting is more vulnerable than linux shared hosting these days. I recommend you fellow hosting providers & resellers to make sure that, you are having following security features considered while managing a windows hosting client. #1. Never allow RDP access to shared hosting clients. Plesk have a feature to weather allow/block rdp access for a user. Make sure that, You are not giving full access rights to plesk control panel features for your user. Many lazy web hosting admins simply allows all plesk features are enabled for users. This will let them to gain access to RDP through plesk. #2. Never allow anonymous FTP access. Anonymous FTP access will invite all kind of security threats to your server. Never enable it. #3. FTP log monitoring for BAT file uploads. Never allow users to upload threatened files to your server. Best example is *.bat , registry files. They can not run them via browser. But, There are possibilities to execute them behind script + command prompt console. #4. Antivirus is not Anti-spyware. Always use dedicated security softwares for your server. Never use a combined & all in one applications when it comes about security. I know this will cost you extra. spending some additional bucks is better than a wipe out HDD. Any more checklist items from experienced web hosts?
Posted by WHR-Abner, 08-25-2010, 10:46 PM
5. Never install or upgrade to a Beta version of a software in a Production server. Have seen a lot of webhosts do that. #6. Never allow exe's to execute directly over http in a shared server. Some 3rd party softwares need that, say never allow http://www.domain.com/custom.exe to run. #7. Run Windows updates periodically. But never schedule other updates (other than Windows updates) to run automatically. Expecting a few more points from others.
Posted by maxknight, 08-26-2010, 01:04 AM
8. Ensure the services are running with least privilege account # 9. Do not allow custom DLL's on shared environment. In any unlike case, if it needs to be, put the source in secured area (NON-FTP). This will not give opportunity to customer to replace it. # 10. Rename the administrator account
Posted by MikeTrike, 08-26-2010, 01:11 AM
A. Uninstall Windows B. Install Linux On a serious note, Windows is fairly secure if it's patched and you don't leave everything open.
Posted by plumsauce, 08-26-2010, 01:26 AM
100 Don't offer windows hosting if you don't know what you are doing. #101 Don't offer windows hosting if you are biased against it Every single point raised above has an analog in linux, yet somehow it's a problem in windows? Get serious.
Posted by MikeTrike, 08-26-2010, 01:33 AM
Exactly, just throwing a fresh install of "insert disto here" is not a good idea either. It's knowing how to do your job that's important.
Posted by helpcenter, 08-26-2010, 11:21 AM
What is safe windows host? Safe host or safe hosting provider its big question nowadays specially for ecommerce sites which hosted on unsafe servers. Many hosting providers don’t have firewall and proper management of security especially in Windows. My recommendation to check with your windows shared hosting provider before you move hosting: 1) Firewall : Main and key point in security Windows firewall, third party firewall (Visnetic Firewall) or hardware firewall any of these are good but they should be turn on to protect server from attackers. It should be well configured and allow only traffic to and from which is necessary and genuine. Don’t allow 2) Anti-Virus/Anti-Spyware : Another key issue, up-to-date anti-virus would always protect your data from any mitigation which happens while other customers upload unnecessary secured files, executables and more. 3) Window Update: Windows Server should be updated always with latest patches. Make sure that your hosting provider updates it properly. 4) Third Party Component: They are good, everybody wants it but make sure that they are safe too. Many third party component vendors don’t update their product regularly and they don’t have update infrastructure in case of any security theft against product. 5) File System Security: Though, many hosting companies using hosting control panel to manage their hosting environment. It should be proper. They should not keep OS in same drive as Data and there should be proper permission given on each individual website so that any kind of cross site file access should be prevented. You can learn more at hxxp://hackersafe dot info/safe-windows-shared-hosting
Posted by blazenetworks, 08-26-2010, 11:26 AM
Thanks for updating this thread with your checklist items. This will be surly helpful for new windows admins. @MikeTrike., Lets say you got a wound on your hand. Will you cut it off or search for medication? Windows is a part of today's industry. You can not eliminate it. We are a system with all kind of elements integrated. We have to find a smoother way to be with it.
Posted by MikeTrike, 08-26-2010, 11:40 AM
I guess you missed the within my post.
Posted by Cicoor Host & Saas A, 08-27-2010, 01:44 PM
I always have another one to go through the setup. It's always easier to find others mistakes. :-)


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
How to Disable Executables files upload on windows server (Views: 732)
smoothly moving vbulletin without stopping it? (Views: 664)
what happened with skynet support? (Views: 721)
Is R1Soft MySQL CDP Backup Add-On compatible with Percona MySQL? (Views: 662)
DNS newbie (Views: 703)


Language:

Our Services

Client Menu

Legal

Terms of Service | Privacy Policy | Refund Policy | Affiliates
Copyright © 2015 DC International LLC in partnership with Bragin IT Solutions Inc. - All Rights Reserved.