RE: Securing IIS Server

From: Roland Venter (rolandv_at_xtra.co.nz)
Date: 08/09/03

  • Next message: Birl: "Re: verifying an open or closed port on an ip address" 
    To: "'Justin Martin'" <jmartin@gjonas.com>, "'NR'" <nr6106@hotmail.com>, <security-basics@securityfocus.com>
Date: Sat, 9 Aug 2003 23:29:29 +1200

    Another Link:

    Security Wizards Guide: Securing IIS
    http://www.secwiz.com/Default.aspx?tabid=39

    -----Original Message-----
    From: Justin Martin [mailto:jmartin@gjonas.com]
    Sent: Thursday, 7 August 2003 4:09 a.m.
    To: NR; security-basics@securityfocus.com
    Subject: RE: Securing IIS Server

    Here is another link for you to look at

    http://www.lokboxsoftware.com/securewin2k/

    Justin

    -----Original Message-----
    From: salgak@speakeasy.net [mailto:salgak@speakeasy.net]
    Sent: Tuesday, August 05, 2003 1:04 PM
    To: NR; security-basics@securityfocus.com
    Subject: Re: Securing IIS Server

    > -----Original Message-----
    > From: NR [mailto:nr6106@hotmail.com]
    > Sent: Tuesday, August 5, 2003 10:22 AM
    > To: security-basics@securityfocus.com
    > Subject: Securing IIS Server

    > Hi,
    >
    > I have IIS Server in which i want to install IIS lockdown and URLScan,
    > i heard they are very good to protect IIS server,
    > are they worth installing, and if not, is there any other tools i can
    use
    > to secure my IIS ?

    FDISK /MBR and Install Linux or FreeBSD ??? (sorry, couldn't resist)

    First, what version of IIS are we talking here ? IIS 3 or 4 running on
    NT, IIS 5 on 2000, or IIS 6 on 2003 ?

    Then comes the task of hardening not just the IIS, but the server you're
    running it on. IIS is only PART of the task.

    If it's 2000, start here:

    http://nsa2.www.conxion.com/win2k/download.htm

    ------------------------------------------------------------------------ 

    ---
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Birl: "Re: verifying an open or closed port on an ip address"

    Relevant Pages

    • RE: Securing IIS Server
      ... Also check out SecureIIS. ... | Subject: RE: Securing IIS Server ... |> I have IIS Server in which i want to install IIS lockdown and URLScan, ...
      (Security-Basics)
    • RE: Securing IIS Server
      ... > Subject: Securing IIS Server ... > I have IIS Server in which i want to install IIS lockdown and URLScan, ... Then comes the task of hardening not just the IIS, ...
      (Security-Basics)
    • Securing IIS Server
      ... ('binary' encoding is not supported, ... I have IIS Server in which i want to install IIS lockdown and URLScan, ...
      (Security-Basics)
    • RE: Securing IIS Server
      ... Network Security Analyst ... Pager: 8884238615 ... I have IIS Server in which i want to install IIS lockdown and URLScan, ...
      (Security-Basics)
    • RE: Securing IIS Server
      ... Subject: Securing IIS Server ... I have IIS Server in which i want to install IIS lockdown and URLScan, ...
      (Security-Basics)