Re: harden IIS6
From: Jeff Cochran (jeff.nospam_at_zina.com)
Date: 02/04/05
- Previous message: Nate Hekman: "Re: https on a developer machine"
- In reply to: David Wang [Msft]: "Re: harden IIS6"
- Next in thread: ben: "Re: harden IIS6"
- Reply: ben: "Re: harden IIS6"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 04 Feb 2005 17:27:24 GMT
On Fri, 4 Feb 2005 00:26:24 -0800, "David Wang [Msft]"
<someone@online.microsoft.com> wrote:
>IIS6 is already hardened, so just manage where the Internet users can write
>to. I suggest using a custom local username as the user identity on IIS and
>its own special NTFS ACLs so you control where this identity can write.
One additional thing I do is configure auditing so you have a trail if
something goes wrong. Keep in mind that it can use resources and
event log space if you do this. It's times like this I wish Windows
had more granular auditing capabilities, though for most stuff I use a
syslog from the firewall.
Jeff
- Previous message: Nate Hekman: "Re: https on a developer machine"
- In reply to: David Wang [Msft]: "Re: harden IIS6"
- Next in thread: ben: "Re: harden IIS6"
- Reply: ben: "Re: harden IIS6"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
