Re: very basic questions

From: Ernie (ernie@erniebornheimer.com)
Date: 05/30/02

• Next message: Keith W. McCammon: "Re: very basic questions"
• Previous message: Jack Brewster: "Re: very basic questions"
• In reply to: Ernie: "very basic questions"
• Next in thread: x y: "Re: very basic questions"
• Reply: x y: "Re: very basic questions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Ernie" <ernie@erniebornheimer.com>
Date: Thu, 30 May 2002 10:48:43 -0700

And another issue: how does a firewall work with IIS? What security issues
should a firewall address and what can/should be taken care of by settings
in IIS?

Thanks,

Ernie

"Ernie" <ernie@erniebornheimer.com> wrote in message
news:ad5mu50j10@enews1.newsguy.com...
> Hello
>
> My company has a web server running IIS on NT 4.0. It serves one web site
> and one FTP site. Multiple users upload to the FTP site. I'm being given
the
> role of admin for this computer with no prior experience. My questions
are
> these:
>
> Is there a resource (web/book) re IIS administration/security for a
relative
> newbie?
> My main security concerns are:
> 1 preventing unauthorized access to any files on the computer (our
> website has been defaced once lately)
> 2 restricting access to FTP upload to a set of IP addresses or
> domains
> so I need to find out how to do those things. Suggestions?
> What is IIS lockdown? Should I install/run it? If so, where do I get it?
> How do I find out more about it?
> What's the best/easiest way to stay on top of patches? How do I know which
> patches have already been installed and which are needed?
> What else do I need to know? What am I forgetting?
>
> Thanks,
>
> Ernie
>
>

---

• Next message: Keith W. McCammon: "Re: very basic questions"
• Previous message: Jack Brewster: "Re: very basic questions"
• In reply to: Ernie: "very basic questions"
• Next in thread: x y: "Re: very basic questions"
• Reply: x y: "Re: very basic questions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: User with blank password cannot login ... blank password to access the FTP site. ... password logged in OK on my original W2K with IIS 5 box. ... This can be changed by opening up the Local Security Policy, ... you will find "Accounts: Limit local account ... (microsoft.public.inetserver.iis.ftp) Re: Mac Server Hacked In Less Than 6 Hours ... Windows has RAS, and for it is built in since NT 3.1 ... | A typical IIS box and this Mac are not the same thing so the comparison ... IIS has been subject to quite a few bugs and so have ... Security isn't a proprietary attribute. ... (sci.crypt) Re: DCOM calls fails - access denied ... That's exactly how I understood the ASP.NET security. ... But why does one configuration work but not the other? ... should get the token from IIS. ... If you set there a domain account, ... (microsoft.public.dotnet.framework.aspnet.security) Re: How to secure IIS? ... XP as well, because even if you don't install IIS, there are still a number ... If you think Windows 98 is secure, ... easy to attack, if there's no firewall... ... IIS security checklists] 3) install firewall and antivirus, ... (microsoft.public.inetserver.iis.security) RE: .pdf security using ASP.NET security... ... I am wondering if using the aspnet_isapi.dll to handle PDF files security ... IIS has a list of Application Mappings which dictate whether a particular ... entries that tell aspnet_isapi.dll what to do with various file types. ... Files that do have app mappings require all the same steps, ... (microsoft.public.dotnet.framework.aspnet.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)