Re: iis config

From: x y (jamescagney90210@excite.com)
Date: 05/13/02


From: "x y" <jamescagney90210@excite.com>
Date: Mon, 13 May 2002 12:27:01 -0400


This question is asked and answered every single day in this newsgroup and
on the Microsoft website. Start with www.microsoft.com/security [especially
IISlockdown including URLscan and hfnetchk and signing up for the Microsoft
security patches newsletter and installing patches as soon as they come out]
and also read the other messages in this newsgroup. Antivirus that
downloads updates every day [such as Norton], hardware and software
firewalls starting with Netgear and Sygate, www.mynetwatchman.com,
www.gfi.com LANguard file integrity checker are all inexpensive things I
recommend highly.

If you're planning on doing your own security, it's vital to become expert
in these areas... the Foundstone / Osborne books like Hacking Exposed vol 3
and Incident Response are good introductions. For determining if you've
been hacked, there are lots of good free tools at foundstone.com and
sysinternals.com such as fport, pstools, process explorer, filemon and
regmon. However, note that none of the resources above, except the books,
are very good at telling you how to secure a web application that is running
on your web server. If you're just serving up web pages, the above
resources should be fine.

You may want to investigate which files are supposedly containing the Nimda
virus. If these files are your web log files or a software firewall running
on your server, this may be a false alarm. If you are really getting Nimda
in other files on your server and you have not installed any Microsoft
patches on your system recently, it is possible that you have other
vulnerabilities and that a hacker may have already compromised the security
on your system by installing a back door remote access tool that the
security advice above will not fix. If you have a back door installed on
your system, it is possible that you may continue to be vulnerable until you
reformat and reinstall Windows on your system. It is really pretty
important to secure your system using the instructions from the manufacturer
before it goes on the Internet.

"chris" <baldwinchris@talk21.com> wrote in message
news:2d5801c1fa8c$8354c220$9be62ecf@tkmsftngxa03...
> We are to host our website in the near future but the
> server is very non-secure. For a start the Nimda virus
> keeps coming back even though the antivirus picks it up
> and removes it. I have IIS and ISA so basically I wanted
> to know if anyone knew of any papers on the web that
> discuss configuring a totally secure server using these
> products. Any advice greatly received as I am new to the
> security side of things!
