The Activation Server is basically ASP.NET web application. Please see the link below for security practices you could apply to your server.