Re: How to secure IIS?

From: Walter E. (wer25@yahoo.com)
Date: 03/02/03 

From: "Walter E." <wer25@yahoo.com>
Date: Sun, 02 Mar 2003 07:29:25 GMT

Thank you, BB.

This is truly daunting and discouraging. All this stuff to maintain a simple
website? I'll just dual-boot my old PWS with FP2000 on Win98.

Well, not your fault, of course. Just a reflection on the complexity of
modern life.

Walter
www.rationality.net

"BB" <Bernard_at_3exp.com> wrote in message
news:#8XTruH4CHA.2332@TK2MSFTNGP10.phx.gbl...
> Start reading
>
> Security
>
> 1) Start
> To get the latest info regarding Microsoft products.
> Microsoft Security
> www.microsoft.com/security/
>
> and remember to subscribe the security bulletin, this give you first
> hand information about security issue related to Microsoft products.
>
> Check your system patch status
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
current.asp
> select your product and latest service packs you have, then hit the 'go'
> button
>
>
> 2) Securing IIS Server
> IIS Tools and Checklists
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
tools/tools.asp
>
> Use MBSA and HFNetChk
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
tools/tools/hfnetchk.asp
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
tools/Tools/MBSAhome.asp
>
> HOW TO Install and Use the IIS Lockdown Wizard
> http://support.microsoft.com/?id=325864
>
> List of Services Needed to Run a Secure IIS Computer
> http://support.microsoft.com/?id=189271
>
>
> IIS 4.0
> Practical Recommendations for Securing Internet-Connected Windows NT
Systems
> http://support.microsoft.com/?id=164882
>
> Baseline Security Procedures for IIS 4.0 Server Builds
>
http://www.microsoft.com/windows2000/community/centers/iis/articles/021206.a
sp
>
>
> IIS 5.0
> Resources for Securing Internet Information Services
> http://support.microsoft.com/?id=282060
>
> IIS 5 HiSecWeb Potential Risks and the IIS Lockdown Tool
> http://support.microsoft.com/?id=316347
>
> Microsoft TechNet - Make your web server secure
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
tools/chklist/wsrvsec.asp
>
> Building and Configuring More Secure Web Sites
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/ht
ml/openhack.asp
>
>
> 3) Extra
> Securing your IIS server is only part of you security policy or plan. IT
> security cover few
> areas, including network, application, physical and etc. You need to have
> security policy
> on network, such as firewall and intrusion detection system (IDS),
antivirus
> program, password
> policy, log auditing and etc.
>
> Windows Update
> http://windowsupdate.microsoft.com
>
> Securing Windows
> http://securityadmin.info/faq.htm#harden
>
> Security Recommendation Guides -- National Security Agency --
> http://nsa1.www.conxion.com/
>
> SAN
> http://www.sans.org
>
>
>
>
>
>
> "Walter E." <wer25@yahoo.com> wrote in message
> news:wt68a.19310$aa.6292758@twister.socal.rr.com...
> > I am switching from win98se to XP. Therefore I am losing my old PWS 4
and
> > will have to use IIS.
> >
> > I only use a web server plus FrontPage 2002 to develop and upload to my
> > webhost a single website from time to time.
> >
> > The old PWS was impervious to attack (nobody bothered), whereas IIS
seems
> to
> > be susceptible to all kinds of malware and attacks.
> >
> > What is the minimum I need to do to secure my IIS in view of my limited
> > activities? I use AVG virus checker and Zone Alarm Pro. Is that enough
> > protection?
> >
> > Thanks for any help
> >
> > Walter
> >
> >
>
>