Please help a new starter with web server Security
I have a small web design company and have in the last 2 days just setup our own web server. hosting our customers sites on a temp basis whilst in the design stage.
This is working fine just using my static IP address, running asp, php, mysql etc. In fact I am very pleased with the way it performs with my 1mb ADSL connection. Its pulling data from mysql and access db's very well indeed.........................anyhow....
I am very very concerned about security as I am green as grass with this web hosting lark, and feel very vulnerable to attacks.
My setup is this.
Windows XP pro fully upto date with all patches
Hardware firewall locked down with port 80 forwarded to the web server.
Software firewall with IIS being the only programme opening port 80 to the internet.
I have been trying to enable Integrated Windows authentication so as I can issue passes to our clients. But was unsuccessful with this, so reverted to the not so secure Basic authentication.
How vulnerable am I to getting my server attacked and compromised using this setup?
I feel it was so easy to setup that it must be easy to break into.
Many thanks in advance for an help or points re this.
Fingers
