Re: security in IIS use

From: PL (pblse_at_yahoo.se)
Date: 05/11/03


Date: Sun, 11 May 2003 21:45:28 +0200


XP Pro is not a server system and if you are using it for development
you shouldn't have it exposed to the internet anyway so there's not
much to worry about if you have a personal firewall or xp's firewall
enabled.

There's a lot of bull going on about IIS security, all webservers have
had bugs in them but from XP and up there has not been any really
serious issues.

Of course ANY system (including open source bs) should be patched
up to the latest versions and locked down as much as possible.

For XP Pro, install all patches from Windows update and make
sure you have a firewall.

If you are really going to expose IIS in XP Pro on the internet
(even though it's not a server and has a ten connection limit) you
should also run IIS Lockdown to remove unnecessary services.

If you are setting up a W2k Server it's a lot more, of course the first
thing is to install SP3 and then the IIS patches released after SP3,
download these and do not have the system on the internet before it's
patched, finally install IIS Lockdown and then palce the server behind
a firewall.

PL

"Nathan" <nzygmund@aol.com> skrev i meddelandet news:023901c317ee$856b4180$3401280a@phx.gbl...
> I have just become interested in branching into e-
> commerce. I upgraded to XP pro and plan to install IIS. A
> friend and fellow web designer told me to be concerned
> with the security of my machine when IIS is installed.
> Please explain. What security measures should I take?



Relevant Pages

  • Re: I hate IIS - "Server Application Unavailable" error message
    ... I would but there is not "Application Pools" underneath the local ... Did you install, at least, the Web or Standard versions of Windows Server 2003? ... except when you choose to install IIS on a domain controller. ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: IIS Key pairs (how to export an IIS 4.0 self-issued Root CA a nd import into new IIS 4.0 box)
    ... IIS key to an Intel SSL acelerator ... it issues client certificates to the end users. ... Step I - Installing the New Server ... Install NT SP 3 ONLY ...
    (Focus-Microsoft)
  • RE: Internet printing
    ... Configuring the IPP Print Server: ... (IIS is synonymous with PWS, Peer Web Services, which is what ... -This will install and configure basic IIS on the current machine. ...
    (microsoft.public.windows.server.sbs)
  • Re: No DHCP in administrative tools
    ... OK, we need to install the DHCP service, but we're gonna hold of a mo' on ... In computer management, expand IIS, expand websites, which sites do you ... SQL Server Config ...
    (microsoft.public.windows.server.sbs)
  • Re: OWA 403 Forbidden, POP3,
    ... Is there a way to just re-install the IIS components to a set of Default ... incorrect type of install of Trend not in a virtual directory was probably ... From your post, I understand you after you rebuild SBS Server, you ... Go to your "%SystemRoot%\IIS Temporary Compressed Files" ...
    (microsoft.public.windows.server.sbs)