Re: security at home running iis

From: Rob Hughes (
Date: 02/26/03

From: "Rob Hughes" <>
Date: Wed, 26 Feb 2003 21:47:32 GMT

Follow-up question...

On the directory security tab, the frame for "IP address and domain name
restrictions" is disabled. Do you know why? (I should probably I'm not using
NTFS at this time. I know, I know...)

Thanks again for the tips. I ran the IIS lockdown tool and the MS security
analyzer gives me a passing grade now. (For whatever that's worth!)

"x y, mvp" <> wrote in message
> Check out Basically I would right-click on the web server
> root in the IIS MMC and in the tab for Security, set up an IP address
> restriction so that only permitted IP addresses can view the site. A
> firewall is another good idea to block this [briefly block anyone not
> an approved IP address from addressing a packet to TCP port 80 on your web
> server... although a good firewall shoudl be blocking a lot more than that
> anyways].
> I would still really consider hardening windows and IIS on your computer
> fully using the URL below. An unhardened windows computer, especially one
> running IIS with the default settings, can be hacked 15 minutes after
> put on the internet. There are plenty of posts here from people who
> they didn't need to harden a computer because it was just a test server,
> then something really bad happened that sapped all their internet
> prevented them from being able to log into the computer, etc. etc.
> "Rob Hughes" <> wrote in message
> news:Kl57a.51890$
> > Hello, I'm doing some web development at home and I have IIS setup
> > to test my sites. How can I set up IIS so that I can browse the sites
> > locally but no one can get in from the outside? (I'm on a cable modem.)
> >
> > Thanks.
> >
> >