RE: Securing IIS/5 with ASP
From: Chris Neppes (cneppes@port80software.com)
Date: 01/24/03
- Previous message: Peter Snell: "RE: Bypass Traverse Checking?"
- Maybe in reply to: Ralph Los: "Securing IIS/5 with ASP"
- Next in thread: Holmes, Tyran: "RE: Securing IIS/5 with ASP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 24 Jan 2003 13:30:09 -0800 From: "Chris Neppes" <cneppes@port80software.com> To: "Ralph Los" <RLos@enteredge.com>, <focus-ms@securityfocus.com>
Check out this article on server anonymization for IIS Web servers at
www.port80software.com/support/art_maskyourwebserver
Best,
Chris
-----Original Message-----
From: Ralph Los [mailto:RLos@enteredge.com]
Sent: Friday, January 24, 2003 9:56 AM
To: 'focus-ms@securityfocus.com'
Subject: Securing IIS/5 with ASP
Sensitivity: Confidential
Hello,
I have a document I've built over the years about securing
IIS/5,
with regards to permissions, etc right down to the file level. This
often
works, except when I get that pesky ASP engine involved. I'm sick of
HTTP/500 errors! I know for a fact the error is with file permissions,
but
I can't pin-point which file(s) are causing it. I've had the
dllhost.exe
keep getting "ACCESS DENIED" (Using NTFileMon from sysinternals.com) on
C:\winnt\system32\<some_file> but...the permissions on that
file/folder/whatever are IUSR/IWAM/SYSTEM (RWX).
Bottom line, does anyone have a definitive "baseline IIS/5
w/ASP"
security document done I could look over? Just curious - dying to know
what
I'm missing.
?Ralph
- Next message: Jeremy Drake: "Re: Win2k log management"
- Previous message: Peter Snell: "RE: Bypass Traverse Checking?"
- Maybe in reply to: Ralph Los: "Securing IIS/5 with ASP"
- Next in thread: Holmes, Tyran: "RE: Securing IIS/5 with ASP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
