Re: How to secure IIS

From: Jerry III (jerryiii_at_hotmail.com)
Date: 07/03/03


Date: Thu, 3 Jul 2003 01:02:23 -0700


If you want to automate a bit, use the MBSA
(http://www.microsoft.com/technet/security/tools/tools/mbsahome.asp); it
will help you catch the most common setup issues.

Jerry

"Argyle" <nospam@nospam.com> wrote in message
news:%23VRJcLSQDHA.2768@tk2msftngp13.phx.gbl...
> Thanks for the links, wow, good info, I have a lot to learn. I'm sorry if I
> asked a question that must get asked a gazillion times :(
>
>
> "Bernard" <qbernard@hotmail.com> wrote in message
> news:eSTdS0QQDHA.1712@TK2MSFTNGP12.phx.gbl...
> > 1) Start
> > To get the latest info regarding Microsoft products.
> > Microsoft Security
> > www.microsoft.com/security/
> >
> > and remember to subscribe to the security bulletin; this gives you
> > first-hand information about security issues related to Microsoft products.
> >
> > Check your system patch status
> > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/current.asp
> > select your product and latest service packs you have, then hit the 'go'
> > button
> >
> >
> > 2) Securing IIS Server
> > IIS Tools and Checklists
> > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools.asp
> >
> > Use MBSA and HFNetChk
> > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/hfnetchk.asp
> > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.asp
> >
> > HOW TO Install and Use the IIS Lockdown Wizard
> > http://support.microsoft.com/?id=325864
> >
> > IIS 5.0
> > Resources for Securing Internet Information Services
> > http://support.microsoft.com/?id=282060
> >
> > IIS 5 HiSecWeb Potential Risks and the IIS Lockdown Tool
> > http://support.microsoft.com/?id=316347
> >
> > Microsoft TechNet - Make your web server secure
> > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/chklist/wsrvsec.asp
> >
> > Building and Configuring More Secure Web Sites
> > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/openhack.asp
> >
> >
> > 3) Extra
> > Securing your IIS server is only part of your security policy or plan. IT
> > security covers a few areas, including network, application, physical, etc.
> > You need to have a security policy on the network, such as firewall and
> > intrusion detection system (IDS), antivirus program, password policy, log
> > auditing, etc.
> >
> > Windows Update
> > http://windowsupdate.microsoft.com
> >
> > Securing Windows
> > http://securityadmin.info/faq.htm#harden
> >
> > Security Recommendation Guides -- National Security Agency --
> > http://nsa1.www.conxion.com/
> >
> > SANS
> > http://www.sans.org
> >
> >
> >
> > --
> > Regards,
> > Bernard Cheah
> > http://support.microsoft.com/
> > Please respond to newsgroups only ...
> >
> >
> > "Argyle" <nospam@nospam.com> wrote in message
> > news:#xw1k8PQDHA.2228@tk2msftngp13.phx.gbl...
> > > IIS newbie question: I've heard horror stories about security
> > > vulnerabilities in IIS. How do you lock it down so it isn't vulnerable? I'm
> > > developing C# asp.net apps on it, and I need it to be accessible via the
> > > internet. How can I do this without being vulnerable to hacks, exploits,
> > > etc?
> > >
> > >
> >
> >
>
>


