I have an IIS 7 web server that connects to a database. The server is accessible to the public. I am afraid that the database might be compromised. In this respect, what security aspects do I need to pay attention to? What do I need to harden this web server?
I understand that I may need to encrypt the connection string in the web config file.
What are the best practices in this case?
I have specific clients who need to connect to this server. So do I need to implement certificates for secure connections?