
I hope some really cool experts can share their knowledge with me.

We have a dedicated server to host our online store

  1. Runs SQL 2005
  2. No uploading by web viewers, strictly to sell goods
  3. Server hosts a secure payment page for credit card processing. We don't store card data
  4. Subsequently, Server needs to be PCI-compliant
  5. No mail server function or FTP
  6. Server not connected to any other servers or PC

Questions:

  1. Do I need anti-virus, firewall or other software?
  2. If yes, can anyone recommend one?
  3. How do I back up the server?
  4. In addition, I have a programmer who has a user account on the server. How do I set up a security policy so that he does not take away company data in the database? He tweaks DB code every now and then.

Thanks a lot for the time and for every kind soul who attempted to answer these questions. Merry Christmas

  • I would think SQL injection is a bigger threat than most of the stuff you have listed above. The biggest holes in web systems are unsanitized SQL queries. Make sure you look into that strongly. – Tim Dec 24 '11 at 17:34
  • Thanks for the reply Tim. Yes, that has been looked after. We have a great DB guy, just that we don't have a good server admin yet. Even if we do later on, I'd like to cross check with experts here :) – Joseph Burnett Dec 24 '11 at 17:46
  • If security is a concern, why use Server 2003 and not 2008R2? – Jim B Dec 24 '11 at 20:50
  • Right now the scope of your question is far too large for a good answer, and several aspects of it are off-topic here. – Zoredache Dec 24 '11 at 22:24
  • Zoredache is right, this is several questions, of which a few are off topic. 1 and 4 are topical, 3 verges on too broad. 2 is right out. – sysadmin1138 Dec 24 '11 at 22:42

1 Answer

Do I need anti-virus, firewall or other software?

Yes

If yes, can anyone recommend one?

No. That is a shopping question.

How do I back up the server?

Seriously? You run a backup program like ntbackup, or something else you buy, saving the results to some form of remote/removable media. There are entire books on this subject.

In addition, I have a programmer who has a user account on the server. How do I set up a security policy so that he does not take away company data in the database? He tweaks DB code every now and then.

Set up a dev server for him. Don't give him direct access to the production database.

Zoredache
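The "dev server, no production access" advice in the answer above, as an added T-SQL example for SQL Server 2005 (not code from the question or the answer). The login name `SHOPSRV\devuser` and the database names `ShopDev` and `ShopProd` are placeholders.

```sql
-- Added example: least-privilege setup for a developer on SQL Server 2005.
-- SHOPSRV\devuser, ShopDev and ShopProd are placeholder names.

-- On the DEV server: the developer's Windows account gets a login that is
-- mapped only into the dev copy of the store database.
USE [master];
CREATE LOGIN [SHOPSRV\devuser] FROM WINDOWS;
GO
USE [ShopDev];
CREATE USER [SHOPSRV\devuser] FOR LOGIN [SHOPSRV\devuser];
-- Enough to change schema and data in dev; no server-level role at all.
EXEC sp_addrolemember 'db_ddladmin',   'SHOPSRV\devuser';
EXEC sp_addrolemember 'db_datareader', 'SHOPSRV\devuser';
EXEC sp_addrolemember 'db_datawriter', 'SHOPSRV\devuser';
GO
-- Seed ShopDev from a copy of production that has had customer and order
-- data removed, so the dev box never holds the data you are protecting.

-- On the PRODUCTION server: the developer has no login. If one already
-- exists, drop it rather than just trimming its rights.
USE [master];
IF EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'SHOPSRV\devuser')
    DROP LOGIN [SHOPSRV\devuser];
GO

-- Check (run on production): which principals can reach the store database
-- directly? Anything other than the web application's own account needs a reason.
USE [ShopProd];
SELECT dp.name, dp.type_desc, sp.name AS login_name
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON dp.sid = sp.sid
WHERE dp.type IN ('S', 'U', 'G')           -- SQL user, Windows user, Windows group
  AND dp.name NOT IN ('dbo', 'guest', 'INFORMATION_SCHEMA', 'sys');
```

Schema changes the developer makes on ShopDev then move to production as reviewed scripts run by the administrator, so production access stays with one accountable account.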