are these OK for normal level of win server security?

I am quite a newbie in handling server security and right now trying to secure a win 2003 server.

Here is what i have done so far:

- i closed all the ports using RRAS except the ports for FTP server, SMTP, POP3, remote desktop, HTTP and HTTPS
- i disabled anynomous FTP
- i turned on automatic windows update

so what i want to ask is:

1) You think these are OK for normal level of protection?
2) and / or how can i find ready to import ipsec policy?
3) if i set up a firewall (thinking of tiny firewall 6 since its cheap) is it very difficult to set it up? is it possible to find importable rule sets for that?

thank you!

 

 

 

 

Top