Re: Web server issue
- From: Duane Arnold <""Yep-Don't-Bother\"@You-got-it-right@.BET">
- Date: Sun, 07 May 2006 04:27:36 GMT
peter.mcclymont@xxxxxxxxx wrote:
Thanks, that all seems to help.
I have the IP address right (it is dynamic), but actually when I do
this,
http://localhost/localstart.asp
or
http://LAN-IP/localstart.asp
it asks me to authenticate. Does this mean I do not have the
authentication set up properly in IIS?
Yes, that what it means. I would suggest that you use IUSR_Computer Internet Guest Account, which is the NT-OS account provided by the NT based O/S. You configure IIS to use that account as the anonymous logon account authentication method to use, along with Windows NT authentication.
Also, the machine's ASPNET account may need to be on the Inetpub virtual directory for the application if it's not there. The ASPNET machine account must be accounted for when the ASP.NET application is accessing folders, SQL Server databases, tables or otherwise.
Do you think win 2000 would be secure enough to run a web server (if
properly locked down of course)?
Win 2K pro or Win XP pro it makes no difference for the NT class O/S(s). If the O/S, files system, which should be NTFS, user accounts, registry and IIS are not properly secured for a NT O/S class machine that is being exposed to the public Internet, then you will have problems. There are books and information out Google on how to properly do this.
What type of firewall should I use then if ZoneAlarm is not good
enough.
You should be using a packet filtering FW router or FW appliance that can stop inbound and outbound traffic that has a syslog where you can use something like Wallwatcher or KWIW Syslog Daemon to watch traffic to from the router. They have low-end FW appliances like Watchguard, Sonicwall, Cisco, SnapGear and others, which you can buy a used one if need be that has a full warrantee the whole nine yards. Or you can get a FW router that is ICSA certified. NetGear has a router that is ICSA certified and there are others.
Yes, do understand what an Internet FW is and what FW solutions are about, like host based software solutions that use two network interface cards. One NIC that faces the Internet and the other one that faces the LAN or a hardware based solutions.
ZA or a personal FW/host based packet filter is not a FW solution as it doesn't separate two networks usually that's the Internet it's protecting from and the other one in the LAN it is protecting.
Some home based NAT routers that do not meet the specs in the first link are not FW solutions but they are better than nothing.
http://www.firewall-software.com/firewall_faqs/what_does_firewall_do.html
http://www.more.net/technical/netserv/tcpip/firewalls/
But the most important thing is to secure or harden the NT based O/S to face the Internet.
Here is a little start but there is more information to secure the NT based O/S and IIS and you should find it.
http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm
You do know that you can only have 10 concurrent connection to IIS running on the Pro versions of those O/S(s).
Duane :)
.
- References:
- Web server issue
- From: peter . mcclymont
- Re: Web server issue
- From: Frankster
- Re: Web server issue
- From: Peter Boosten
- Re: Web server issue
- From: Frankster
- Re: Web server issue
- From: peter . mcclymont
- Web server issue
- Prev by Date: Re: Web server issue
- Next by Date: Re: Web server issue
- Previous by thread: Re: Web server issue
- Next by thread: Re: Web server issue
- Index(es):
Relevant Pages
|
