[TOOL] IIS Lockdown Tool

From: support@securiteam.com
Date: 08/27/01


From: support@securiteam.com
To: list@securiteam.com
Subject: [TOOL] IIS Lockdown Tool
Message-Id: <20010827164226.D79DC138BF@mail.der-keiler.de>
Date: Mon, 27 Aug 2001 18:42:26 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  IIS Lockdown Tool
------------------------------------------------------------------------

DETAILS

Microsoft has released a new security tool that makes it simple to secure
an IIS 4.0/5.0 web server. The tool, known as the IIS Lockdown Tool,
allows web servers to quickly and easily be put into the right
configuration - in which the server provides all of the services the
administrator wants to provide, and no others. Customers can use this tool
to instantly protect their systems against security threats that target
web servers.

The tool offers two operating modes. The default is Express Lockdown that,
with a single mouse click, configures the server in a highly secure way
that is appropriate for most basic web servers. For administrators who
want to choose the technologies that will be enabled on the server, the
tool offers an Advanced Lockdown mode. A comprehensive help system
provides information and recommendations for selecting the best
configuration, and an undo facility allows the most recent lockdown to be
reversed.

Wondering whether it is worth the time to use the tool? Consider this: a
web server configured using the Express Lockdown would be completely
protected against Code Red and virtually all known security
vulnerabilities affecting IIS 4.0 and 5.0 - even without the patches for
these vulnerabilities. We do recommend that all customers, even those
running locked-down servers, continue to stay current on all security
patches, but this vividly illustrates the value of the tool.

ADDITIONAL INFORMATION

The tool is available for downloading at
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32362

The information has been provided by Microsoft Product Security
<secnotif@MICROSOFT.COM>.



