Re: IIS5.0 and IIS lockdown/hardening tool/security

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 07/12/03


Date: Sat, 12 Jul 2003 08:37:30 -0700


Dave,
You should just download URLscan, unpack it, and read the ini file.
There is a fair amount of customization, room to over tighten or to
leave things too loose.
IIRC if by DevStudio you mean Visual Studio, then you need FPSE
or fileshare access

"Dave" <kdlevine@wi.rr.com> wrote in message
news:%23xKMQvGSDHA.2116@TK2MSFTNGP12.phx.gbl...
> Thanks for the response. I scanned some other messages about URLScan and I
> had a few other questions that I hope you can help me with.
>
> Is it possible to customize URLScan by web service, folder, or some other
> application specific settings? Does it simply look for references to file
> extensions without regard to how the file will be accessed? From what I've
> seen in other posts here it seems that URLScan has limited configurable
> settings.
>
> re: FPSE...If these are not installed will this effect DevStudio? I've
been
> advised that if FPSE is not installed on development machines then
> developers will be unable to develop web services. Do you have any
> information that would corroborate or refute this?
>
> Thanks again.
>
> Dave
>
>
>
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news:OpX1fjCSDHA.2480@tk2msftngp13.phx.gbl...
> > > We have a DOTNET web service built with the 1.1 framework and we are
> > > targeting
> > > server machines running IIS 5.0+. We have been advised to run the IIS
> > > hardening/lockdown tool for additional security. Is anyone aware of
any
> > > problems or issues that will result from this? What problems will we
> have
> > if
> > > FrontPage Server extensions are not installed?
> >
> > As you may note if you watch the IIS newsgroups for a few
> > hours, the IIS Lockdown Wizard and the URLScan it installs
> > can affect access to web pages (mostly based on forbidding URLs
> > that reference certain extensions like DLL, EXE, ASP, etc.
> >
> > You will need to tune your URLScan.ini
> >
> > This shouldn't be affected by FPSE, but those who do run FPSE
> > note these same (class of) problems.
> >
> >
> >
>
>