Re: How to secure IIS
From: Jerry III (jerryiii_at_hotmail.com)
Date: 07/03/03
- Next message: Jerry III: "Re: Replacing IIS Loging Dialog with my own"
- Previous message: Rene Baeder: "Can't show PDF-Files in Webbrowser"
- In reply to: Argyle: "Re: How to secure IIS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 3 Jul 2003 01:02:23 -0700
If you want to automate a bit use the MBSA
(http://www.microsoft.com/technet/security/tools/tools/mbsahome.asp), it
will help you catch the most common setup issues.
Jerry
"Argyle" <nospam@nospam.com> wrote in message
news:%23VRJcLSQDHA.2768@tk2msftngp13.phx.gbl...
> Thanks for the links, wow, good info, I have a lot to learn. I'm sorry if
I
> asked a question that must get asked a gazillion times :(
>
>
> "Bernard" <qbernard@hotmail.com> wrote in message
> news:eSTdS0QQDHA.1712@TK2MSFTNGP12.phx.gbl...
> > 1) Start
> > To get the latest info regarding Microsoft products.
> > Microsoft Security
> > www.microsoft.com/security/
> >
> > and remember to subscribe the security bulletin, this give you first
> > hand information about security issue related to Microsoft products.
> >
> > Check your system patch status
> >
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/current.asp
> > select your product and latest service packs you have, then hit the 'go'
> > button
> >
> >
> > 2) Securing IIS Server
> > IIS Tools and Checklists
> >
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools.asp
> >
> > Use MBSA and HFNetChk
> >
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/hfnetchk.asp
> >
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.asp
> >
> > HOW TO Install and Use the IIS Lockdown Wizard
> > http://support.microsoft.com/?id=325864
> >
> > IIS 5.0
> > Resources for Securing Internet Information Services
> > http://support.microsoft.com/?id=282060
> >
> > IIS 5 HiSecWeb Potential Risks and the IIS Lockdown Tool
> > http://support.microsoft.com/?id=316347
> >
> > Microsoft TechNet - Make your web server secure
> >
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/chklist/wsrvsec.asp
> >
> > Building and Configuring More Secure Web Sites
> >
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/openhack.asp
> >
> >
> > 3) Extra
> > Securing your IIS server is only part of you security policy or plan. IT
> > security cover few
> > areas, including network, application, physical and etc. You need to
have
> > security policy
> > on network, such as firewall and intrusion detection system (IDS),
> antivirus
> > program, password
> > policy, log auditing and etc.
> >
> > Windows Update
> > http://windowsupdate.microsoft.com
> >
> > Securing Windows
> > http://securityadmin.info/faq.htm#harden
> >
> > Security Recommendation Guides -- National Security Agency --
> > http://nsa1.www.conxion.com/
> >
> > SAN
> > http://www.sans.org
> >
> >
> >
> > --
> > Regards,
> > Bernard Cheah
> > http://support.microsoft.com/
> > Please respond to newsgroups only ...
> >
> >
> > "Argyle" <nospam@nospam.com> wrote in message
> > news:#xw1k8PQDHA.2228@tk2msftngp13.phx.gbl...
> > > IIS newbie question: I've heard horror stories about security
> > > vulnerabilities in IIS. How do you lock it down so it isn't
vulnerable?
> > I'm
> > > developing C$ asp.net apps on it, and I need it to be accessible via
the
> > > internet. How can I do this without being vulnerable to hacks,
exploits,
> > > etc?
> > >
> > >
> >
> >
>
>
- Next message: Jerry III: "Re: Replacing IIS Loging Dialog with my own"
- Previous message: Rene Baeder: "Can't show PDF-Files in Webbrowser"
- In reply to: Argyle: "Re: How to secure IIS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
