Article Announcement: IIS Lockdown and Urlscan

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 01/08/04

  • Next message: Laura Robinson: "Re: Accessing eventlogs remotely on W2K3 Server"
    Date: Thu, 8 Jan 2004 15:00:25 -0700 (MST)
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    IIS Lockdown and Urlscan
    By Nishchal Bhalla and Rohyt Belani

    This article discusses two important tools provided by Microsoft, IIS
    Lockdown and Urlscan, that target significant security-related
    configuration problems for IIS versions 6.0, 5.0, and earlier.

    http://www.securityfocus.com/infocus/1755

    Marc Fossi
    Symantec Corp.
    www.symantec.com

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Laura Robinson: "Re: Accessing eventlogs remotely on W2K3 Server"

    Relevant Pages

    • Re: Trend C/S/M SMB on SBS2003
      ... IIS6 is locked down by default, so you do not need to run IIS Lockdown ... URLScan can run on IIS6 if you wish. ...
      (microsoft.public.inetserver.iis)
    • Re: Trend C/S/M SMB on SBS2003
      ... IIS6 is locked down by default, so you do not need to run IIS Lockdown ... URLScan can run on IIS6 if you wish. ...
      (microsoft.public.windows.server.sbs)
    • RE: IIS Lockdown Blues
      ... make sure you restart IIS. ... > Subject: RE: IIS Lockdown Blues ... > If you're having that many problems just running iislockd and the URLScan ... >> Newsgroups: microsoft.public.inetserver.iis.security ...
      (microsoft.public.inetserver.iis.security)
    • RE: OWA not displaying properly after upgrade- E2K to E2K3
      ... It was a permissions issue. ... I had used IIS Lockdown (urlscan is part of IIS ...
      (microsoft.public.exchange.setup)
    • Re: How do you hide the HTTP Server header?
      ... David Dietz -- IIS Technical Lead ... 2001 Microsoft Corporation. ... |>Subject: Re: How do you hide the HTTP Server header? ... |>IISlockdown includes URLscan which is I think an excellent security tool, ...
      (microsoft.public.inetserver.iis.security)