Re: Help with Win2000 Server.

From: Red Wolf (red.wolf@onebox.com)
Date: 02/06/02

Previous message: Chris Chandler: "RE: port 12345 windows95/nt"
Maybe in reply to: TGW: "Help with Win2000 Server."
Next in thread: j.m.muurling02@kpn.com: "RE: Help with Win2000 Server."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 06 Feb 2002 14:30:03 -0500
From: "Red Wolf" <red.wolf@onebox.com>
To: theguillotine@hotmail.com, security-basics@securityfocus.com

>This server should be a web (IIS based) server
Is there a specific reason for IIS, Apache runs fine on Win2k
http://www.apache.org/dist/httpd/binaries/win32/

If IIS is a requirement install HFCHECK from
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/hfnetchk.asp

>optionally FTP server
WarFTPd from
http://www.jgaa.com/software/warftpd/

> 1) I reckon I need a software firewall. any ideas?
Tiny Personal Firewall from
http://www.tinysoftware.com

> 3) I need a remote control program. pcanyware10.5? ( I know it'll cost
> me, but i think i can make him buy this one too)
VNC from
http://www.uk.research.att.com/vnc/
with SSL
http://www.uk.research.att.com/vnc/sshvnc.html

> 4) is there any more security software I should use?
Security Planning tools for IIS
http://www.microsoft.com/technet/support/kb.asp?ID=229694
http://www.microsoft.com/downloads/release.asp?ReleaseID=24973

Win2k and IIS for dot.coms
http://www.microsoft.com/windows2000/techinfo/planning/incremental/iisdotcom.asp

URLScan and lockdown tools
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools.asp

Banner Changers (security by obscurity)
http://www.nstalker.com/banners.php

-- RedWolf Freeware Oracle

__________________________________________________ FREE voicemail, email, and fax...all in one place. Sign Up Now! http://www.onebox.com

Previous message: Chris Chandler: "RE: port 12345 windows95/nt"
Maybe in reply to: TGW: "Help with Win2000 Server."
Next in thread: j.m.muurling02@kpn.com: "RE: Help with Win2000 Server."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: NT/IIS decoy
... Does anyone know how to hide or mask the identity of a IIS 4.0 or 5.0 server ... Principal Security Consultant ... Best Individual Income Protection Provider 2001 - Health Insurance Magazine ...
(Pen-Test)
Re: IIS6 on W2k3 DCs
... How many times in big server land do I see folks that don't have backups ... >But Small Business Server 2003 runs with IIS on our domain controller. ... >Where's MY security risks these days? ... >>By referring to numerous security guides written specifically for NT4 ...
(Focus-Microsoft)
Re: SBS 2003 After Service Pack 1 for SBS
... Controllers" groups have been added to the new CERTSVC_DCOM_ACCESS security ... we can have Certificate Services update the DCOM security settings ... down time for the server - probably over a weekend. ... Then please run command "iisreset" to refresh IIS ...
(microsoft.public.windows.server.sbs)
Re: REPOST: IIS4 Security Advice
... Well, I assume you know you need more than the latest IIS security patch, ... win 2000, one for IIS, one for Index Server, etc.] ... After installing iislockdown ...
(microsoft.public.inetserver.iis.security)
[NT] Cumulative Patch for Internet Information Services
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... security patches released for IIS 4.0 since Windows NT 4.0 Service Pack ... encoding transfer mechanism via Active Server Pages in IIS 4.0 and 5.0. ... attacker who exploited this vulnerability could overrun heap memory on the ...
(Securiteam)