Re: Security problem with IIS5
From: Jeff Cochran (jcochran.nospam_at_naplesgov.com)
Date: 03/29/04
- Next message: Ohaya: "Re: Problem with IIS5 - "expired" CRLs not working?"
- Previous message: 620: "How to get my CA to be trusted by external clients?"
- In reply to: Dave Navarro: "Security problem with IIS5"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 29 Mar 2004 18:17:31 GMT
On Sun, 28 Mar 2004 12:46:05 -0500, Dave Navarro <dave@dave.dave>
wrote:
>We are running IIS5 in Windows Server 2000. Two days ago, a hacker
>managed to install a trojan on our server through IIS.
>
>I have run the IIS lockdown utility and besides automatic updates, I
>*manually* check for updates every other day, so I have the latest
>updates.
>
>How can I make 100% certain that I have all of the IIS security updates
>installed?
>
>I run the Microsoft Baseline Security Analyzer weekly and with the
>exception of multiple admin accounts (necessary) everything checks out
>fine.
Try these links:
Security Checklists:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/Default.asp
>From Blueprint to Fortress: A Guide to Securing IIS 5.0:
http://www.microsoft.com/technet/prodtechnol/iis/iis5/deploy/depovg/securiis.asp
Also:
Jeff
- Next message: Ohaya: "Re: Problem with IIS5 - "expired" CRLs not working?"
- Previous message: 620: "How to get my CA to be trusted by external clients?"
- In reply to: Dave Navarro: "Security problem with IIS5"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
