Hello, I am trying to secure a stand-alone Windows Server 2008. I am going to use it exclusively to run 1 windows application (the app uses port80 for in-outbound connections) I am not going to run any type of services so I believe it is best to disable all domain/sharing/printer/etc. roles. I am only going to connect to the server through RDP. (I also do not need to run terminal services.) I will also block all ports except 80 (for the application) and 3389 (RDP). My question is> How can I ensure maximum security with this setup? What will be my attack surface? Thanks in advance, georgip

This should help:http://technet.microsoft.com/en-us/library/dd450371(WS.10).aspxPaul Adare CTO IdentIT Inc. ILM MVP

Hi Paul, Thanks for the link. Can you help by directly answering both of my questions above? :)

Hi,The Windows Firewall in Windows Server 2008 blocks all inbound traffic by default. That means you only need to add rule to open the ports based on your requirement. What's New in Windows Firewall with Advanced Security http://technet.microsoft.com/en-us/library/cc755158(WS.10).aspx#bkmk_vistaThanks.This posting is provided "AS IS" with no warranties, and confers no rights.