Re: IIS5.0 and IIS lockdown/hardening tool/security
From: Dave (kdlevine_at_wi.rr.com)
Date: 07/12/03
- Next message: tony cooper: "IExplore 6 SP1 and NIS Firewall"
- Previous message: Jawahar Rajan: "Security - issues"
- In reply to: Herb Martin: "Re: IIS5.0 and IIS lockdown/hardening tool/security"
- Next in thread: Roger Abell [MVP]: "Re: IIS5.0 and IIS lockdown/hardening tool/security"
- Reply: Roger Abell [MVP]: "Re: IIS5.0 and IIS lockdown/hardening tool/security"
- Reply: Herb Martin: "Re: IIS5.0 and IIS lockdown/hardening tool/security"
- Reply: Jeff Cochran: "Re: IIS5.0 and IIS lockdown/hardening tool/security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 12 Jul 2003 06:50:37 -0500
Thanks for the response. I scanned some other messages about URLScan and I
had a few other questions that I hope you can help me with.
Is it possible to customize URLScan by web service, folder, or some other
application specific settings? Does it simply look for references to file
extensions without regard to how the file will be accessed? From what I've
seen in other posts here it seems that URLScan has limited configurable
settings.
re: FPSE...If these are not installed will this effect DevStudio? I've been
advised that if FPSE is not installed on development machines then
developers will be unable to develop web services. Do you have any
information that would corroborate or refute this?
Thanks again.
Dave
"Herb Martin" <news@LearnQuick.com> wrote in message
news:OpX1fjCSDHA.2480@tk2msftngp13.phx.gbl...
> > We have a DOTNET web service built with the 1.1 framework and we are
> > targeting
> > server machines running IIS 5.0+. We have been advised to run the IIS
> > hardening/lockdown tool for additional security. Is anyone aware of any
> > problems or issues that will result from this? What problems will we
have
> if
> > FrontPage Server extensions are not installed?
>
> As you may note if you watch the IIS newsgroups for a few
> hours, the IIS Lockdown Wizard and the URLScan it installs
> can affect access to web pages (mostly based on forbidding URLs
> that reference certain extensions like DLL, EXE, ASP, etc.
>
> You will need to tune your URLScan.ini
>
> This shouldn't be affected by FPSE, but those who do run FPSE
> note these same (class of) problems.
>
>
>
- Next message: tony cooper: "IExplore 6 SP1 and NIS Firewall"
- Previous message: Jawahar Rajan: "Security - issues"
- In reply to: Herb Martin: "Re: IIS5.0 and IIS lockdown/hardening tool/security"
- Next in thread: Roger Abell [MVP]: "Re: IIS5.0 and IIS lockdown/hardening tool/security"
- Reply: Roger Abell [MVP]: "Re: IIS5.0 and IIS lockdown/hardening tool/security"
- Reply: Herb Martin: "Re: IIS5.0 and IIS lockdown/hardening tool/security"
- Reply: Jeff Cochran: "Re: IIS5.0 and IIS lockdown/hardening tool/security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
