Re: Newest of newbies needs to know basics

From: x y, mvp (levinson_k@despammed.com)
Date: 02/27/03


From: "x y, mvp" <levinson_k@despammed.com>
Date: Thu, 27 Feb 2003 07:26:01 -0500


Patches are not the only think you need... you also should consider running
through hardening checklists for configuring Windows and IIS, disabling
unnecessary services especially unnecessary parts of IIS, installing
URLScan, etc. etc. Start with this:

http://securityadmin.info/faq.htm#harden

"Steve Dondley" <stevedondley@attbi.com> wrote in message
news:yti7a.252713$iG3.29675@sccrnsc02...
> Hi,
>
> I've got a IIS running XP on my home computer to serve web pages on the
net.
> Though everything works, I'm worried that it's totally vulnerable. One
> indication that my security it hosed is that I can log onto a virtual web
> with FrontPage and I don't need to type in a username and password. I
tried
> in vain to figure out how to set the username and password for the
> directories in my wwwroot folder. I know nothing about directory
> permissions in Windows or IIS security in general. I'm more of a
programmer
> than an sys admin.
>
> So I need a crash course in securing my machine. Can someone give me a
few
> basics steps I should take? Anyone know of any good resources on the net
> where I can bone up on IIS security?
>
> Thanks.
>
>
>