Not sure if anyone was listening to episodes 134 and 135 of Hanselminutes, but at the end of show 135 Scott Hanselman has a lot of tips on how to set up a basic secure environment for a web application. As a developer, most of my time is focused on developing the application, and not on the network aspect of the project. However, as a startup, it is still an important component, and without a security consultant, how do I acquire Scott's same knowledge on this issue and configure things correctly?
I think I'm looking for something to read (a book, an article, a website) on this topic that will help me understand Scott's recommended approach to setting up a secure network environment for hosting an application: IIS, SQL Server, firewall, updating the site without using Remote Desktop (to avoid any RDP vulnerabilities), etc.
P.S. Jeff - no one blames you for not having money for additional servers, we know that you could if you could afford it. Don’t take this “banker” shit from Scott, this guy worked for Microsoft for too long and forgot what he wanted to break as a startup ... hahaha.
Edit: To be clear, I'm not talking about code security, I'm talking about traffic encryption between servers, network topology, firewalls, etc.
Edit #2: Changed the section.