IIS 5 on Win2k - protecting from DoS and other vulnerabilities

From: shikarishambu (roshan_shankar@notmail.com)
Date: 01/26/03


From: "shikarishambu" <roshan_shankar@notmail.com>
Date: Sun, 26 Jan 2003 11:19:14 -0600

Hi All,
    I am a newbie in the scurity realm. I have a secure site that is hosted
on IIS and uses client side certificates for access to the site. And,
further forms based authentication on getting access to the site to use the
site functionality.

I want to know how significant is the treat of DoS attacks are in a secure
(SSL) based site that uses client side certificates for access. Also, other
issues/ vulnerablilites that I need to watch out for.

I also have a non secure site hosted on the same server as the secure site.
Does this increase the level of threat and am I better of moving the sites
onto separate servers.

Thanks



Relevant Pages

  • Re: IIS 5 on Win2k - protecting from DoS and other vulnerabilities
    ... >on IIS and uses client side certificates for access to the site. ... >I also have a non secure site hosted on the same server as the secure site. ...
    (microsoft.public.inetserver.iis.security)
  • Re: SSL Multiple Ports
    ... > mapping with client certs on the WS accessing my secure site. ... You may want to look at proxy server issues ...
    (microsoft.public.inetserver.iis)
  • Re: SSL Multiple Ports
    ... >> mapping with client certs on the WS accessing my secure site. ... >> install a client web cert you get the above mentioned error. ...
    (microsoft.public.inetserver.iis)
  • Re: SSL Multiple Ports
    ... >> mapping with client certs on the WS accessing my secure site. ... >> install a client web cert you get the above mentioned error. ...
    (microsoft.public.inetserver.iis)
  • remove user name and passwords
    ... log into a secure site, such as my company's web email ... client, and i'm prompted for my user name and password, ... How can either disable or erase saved user name and ...
    (microsoft.public.windows.inetexplorer.ie6.browser)