Re: very basic questions

From: Jack Brewster (jbrewsterPLEASENO@SPAMnthurston.k12.wa.us)
Date: 05/30/02 

From: "Jack Brewster" <jbrewsterPLEASENO@SPAMnthurston.k12.wa.us>
Date: Thu, 30 May 2002 11:04:26 -0700

A book, which isn't necessarily aimed at a new user, but may still be
helpful to you is the Windows/IIS Administrator's Pocket Consultant. I have
one for Win2K/IIS 5.0, but I think there's one for NT4/IIS4 available.

Jack

"Ernie" <ernie@erniebornheimer.com> wrote in message
news:ad5mu50j10@enews1.newsguy.com...
> Hello
>
> My company has a web server running IIS on NT 4.0. It serves one web site
> and one FTP site. Multiple users upload to the FTP site. I'm being given
the
> role of admin for this computer with no prior experience. My questions
are
> these:
>
> Is there a resource (web/book) re IIS administration/security for a
relative
> newbie?
> My main security concerns are:
> 1 preventing unauthorized access to any files on the computer (our
> website has been defaced once lately)
> 2 restricting access to FTP upload to a set of IP addresses or
> domains
> so I need to find out how to do those things. Suggestions?
> What is IIS lockdown? Should I install/run it? If so, where do I get it?
> How do I find out more about it?
> What's the best/easiest way to stay on top of patches? How do I know which
> patches have already been installed and which are needed?
> What else do I need to know? What am I forgetting?
>
> Thanks,
>
> Ernie
>
>

Relevant Pages

  • Re: IIS Hack : Anyone explain cause...
    ... it looks like you cleaned up the server -- if you care about security, ... Microsoft tries and mostly succeeds to release patches PRIOR to ... weeks/months/years prior to exploitation. ... > protected rant as we all know that IIS and indeed lots of software has ...
    (microsoft.public.inetserver.iis)
  • RE: Logging mechanism in IIS (was RE: code red---- on system that is already (and has been) patched)
    ... distributing this file outside of the courseware is a violation of their ... Subject: Logging mechanism in IIS (was RE: code red---- on system ... traversal to get to cmd.exe) a successful attack should result in ... As your customer might already know, just installing patches does not ...
    (Focus-Microsoft)
  • Re: IIS Hack : Anyone explain cause...
    ... But as noted it was an NIMDA virus on the machine which caused the ... protected rant as we all know that IIS and indeed lots of software has ... bugs...this is why a whole host of patches have recently been released ... the virus was non-destructive and our global ...
    (microsoft.public.inetserver.iis)
  • Re: Open Ports....How to block them all....?
    ... >> What can be done to secure this server so that this doesn't keep> happening? ... Frequently this happens through an IIS> vulnerability. ... Installing Serv-U software typically involves a> person having the ability to remotely run commands and install files on your> system, ... > Remember that security is not just patches but also proper configuration and> third party hardening tools. ...
    (microsoft.public.inetserver.iis.security)
  • RE: IIS 5 Patches
    ... The IIS April Security Rollup is one of the most important packages to have ... way to check whether you have all available patches is to install and run ...
    (microsoft.public.inetserver.iis.security)