4

I have Windows Server 2008, with IIS 7.5 and SQL Server 2008. I want to install DotNetNuke which is an ASP.NET application. What are the necessary precautions to not to get pwn3d.

Joel Coel
  • 12,932
  • 14
  • 62
  • 100
Rook
  • 2,655
  • 6
  • 27
  • 35

2 Answers2

3

This is a very open ended question I think. Use your favorite search engine to search for:
"iis7 hardnening" or "sql 2008 hardening" (etc.) and it should get you started.

Here are some examples of good hardening practices:
IIS 7
SQL 2008
Windows Server 2008
DotNetNuke

MattB
  • 11,194
  • 1
  • 30
  • 36
2

Outside standard configuration settings such as strong password enforcement in windows/sql, and even for users in the application, and web site precautions for XSS and other common attacks, you also want to make sure that the application is secured, any configuration files with connection strings or passwords encrypted, security data encrypted too (that you store in SQL Server), and so on.

Brian Mains
  • 202
  • 6
  • 16