To ensure the stability of the operating system, which is the Foundation of any server, stay up to date with the latest security updates. The hotfix can be run by mouse click or perform the necessary settings to achieve a silent installation. Given that hackers can automate the attack, finding servers with an unspecified updates, don't forget to monitor their timeliness and novelty of the installed versions.
Always update all software to the web server. That does not apply to such necessary components as remote desktop services or a DNS server, remove or disable. If some of them cannot be dispensed with, make sure that you have not used easy passwords and default passwords.
Be sure to use antivirus software. Combined with a flexible firewall, it will effectively protect against security threats. Until you install a quality antivirus package, the vulnerability of the system will be used by hackers introducing malware and downloading hack tools.
Do not install unnecessary components, since any of them has a risk. Along with their increase in increases total risk. Remember that any oversight in the security system enough to attack.
When using a common and quite popular component of Internet Information Services (IIS) disable default services such as SMTP or FTP. Disable the directory browsing, as it shows visitors the files used by the system. Deactivate all those Front Page server extensions that are not used. Enable automatic update of IIS using the Windows control panel.
If you are using the Apache web server, include only the required functionality resources by excluding access to resources by default. Keep a log of requests to be able to identify suspicious activity. Subscribe to the Apache Server Announcement, timely supply of patches and updates for security.