It is a dedicated web server -- no other services or applications. It has no other services running on it except DSN connections in ColdFusion Administrator to our various SQL Server boxes and a connection to our Microsoft Exchange server for handling email in CF Admin. It is a public site that will receive approximately 3 million hits and about 200,000 unique visitors a year according to our statistics from last year.

-----Original Message-----
From: Dave Watts [mailto:dwa...@figleaf.com]
Sent: Thursday, June 30, 2011 10:32 AM
To: cf-talk
Subject: Re: Win 2008 32/CF 9 hardening after the fact

> Is it possible to go back after the fact and harden a server into a
> production machine? Or do we need to start from scratch?

Yes, it's possible to do this. But the big questions depend on how exactly you plan to use this machine in production. Public web server? Will it participate in a larger Windows network? Does it run other services?

> We have a Windows 2008 32 bit server (clean install/patches applied)
> installed with CF9 out of the box in the C:\Inetpub default directory.
> We need to quickly move the machine into a production environment. We
> already have the domain name pointed to that machine and accessible
> through a URL and we have purchased a security certificate for the URL.
> I would be happy to send the site address via individual email.
>
> Unfortunately, no one in our organization is very familiar with 2008,
> and our network administrator skills are limited.
>
> We came across
> http://www.adobe.com/products/coldfusion/whitepapers/pdf/91025512_cf9_lockdownguide_wp_ue.pdf
>
> and tried to follow these instructions -- but kept hitting errors and
> roadblocks. So most of these steps were not done.
> I have created a new site location on a different drive and added it in
> the ETC hosts file (127.0.0.1) for the primary application - but do not
> know what is needed next.
>
> Any tips, tricks dumbed down to a non-network administrator would be
> gratefully appreciated.

Well, this is kind of hard, actually. You can't really dumb it down to a set of tips and tricks. That isn't how a coherent deployment is done. I'd recommend that you either (a) hire a consultant to help you with this process, or (b) try to implement the steps one-by-one and raise individual questions here for each step that doesn't work.

And, one thing that's important - the lockdown guide, while it's very good, doesn't really cover OS security. So, you need to do that properly first if possible.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or on

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:345961