Greetings.
We are almost exclusively a UNIX shop, but we maintain one Windows server for a few webhosting customers. Recently, we decided to eliminate our WatchGuard Firebox and replace it with filter rules in the MikroTik, and moved the Windows server out from behind the Firebox. Not being completely stupid, I completely locked down access to the Windows server, allowing only ftp, http, and https to go through.
A week later, the server was completely owned. Several hundred viruses, websites hijacked, etc. etc., and thank God I had a backup. I've now done what I had assumed the previous sysadmin had done (i.e. installed an antivirus and run Windows Update).
However, obviously, the (very old) WatchGuard was doing something more to protect the server than simple port filters, since simple port filters on the MikroTik weren't enough to protect the server. The WatchGuard doesn't have a built-in virus scanner, so it wasn't that.
So, here's my question: what can I do within the MikroTik (beyond port filtering) to protect this ridiculously insecure operating system from getting owned again?
Thanks for any suggestions!
Patrick