This might be a stupid question, but does anybody know how hard it is to hack / take control of a Windows 2008 R2 server?
We basically have one hosted on the web. Our SQL Server instances doesn't allow remote connections, we only have a couple of administrator accounts on the server (to manage databases / install applications) and we have a couple of FTP accounts for certain clients. Passwords are complex, but we are only sitting behind a Windows Firewall.
At the moment our server only runs applications and web applications so the search engines aren't picking our server up, but we just got a new server and I'm thinking of moving our website (currently hosted at a 3rd party) to the new server. This will however require that I install MySQL and PHP on the server.
I'd just like to get an idea of how high our risk is.