Security Checklist Windows 2008

[anhikilator]

Hello Team,

I have a server running a IIS on windows 2008. I have the task of reviewing all the security and configuration policies to make it as safe as possible.

Do any of you have a checklist, tips, guide, etc to complete this task?

Thanks in advance,

Ank

 

[Boulard83]

I run a WHS2011 servers ( basically 2008 R2 ). I run BitDefender and it do a really good job. Most free AV like AVG wont work on server, you need to buy the business suite.

 

[Noshei]

Windows Server 2008 Security Checklist:

1. Upgrade to Windows Server 2008 R2
2. Done.

 

[Boulard83]

Windows Server 2008 Security Checklist:

1. Upgrade to Windows Server 2008 R2
2. Done.

loll

 

[Noshei]

Windows Server 2008 Security Checklist:

1. Upgrade to Windows Server 2008 R2
2. Done.

Actually sorry, I forgot to update that checklist. It should be as follows

1. Get Windows 8 PC
2. Upgrade to Windows Server 2012
3. Change to Core Server
4. Never Log on server again
5. Done

 

[anhikilator]

so... no one with experience hardening a server here???

 

[ebug122]

Here is a checklist I found for 2008 R2. A lot of the same suggestions would apply to 2008 as well.
https://wikis.utexas.edu/display/ISO/Windows+2008R2+Server+Hardening+Checklist

You can also download an vulnerability scanner such as Nessus
It will give you a list of known threats/vulnerabilities and suggest what you should disable on your server in order to prevent unauthorized access and/or exploitation of your data.

 

[anhikilator]

This is very helpful ebug, thank you so much!