Re: IIS Hardening

From: Jeff Cochran (jeff.nospam_at_zina.com)
Date: 08/31/05 

Date: Wed, 31 Aug 2005 00:19:28 GMT

On Mon, 29 Aug 2005 20:18:03 -0700, "Brian"
<Brian@discussions.microsoft.com> wrote:

>Thanks Jeff,
>
>I just need to hear this from someelse other then myself. Have you used the
>MS IIS harding utility?

It's a checklist really. And you need to look at what you're changing
and understand what it does, since following the checklists will limit
some functionality. Which is fine if you don't need that
functionality.

Jeff

>"Jeff Cochran" wrote:
>
>> On Wed, 24 Aug 2005 06:02:37 -0700, "Brian"
>> <Brian@discussions.microsoft.com> wrote:
>>
>> >I have an application running on the default Web instance in IIS. My
>> >question is that if I installed application on the default instance of IIS is
>> >there any security breaches or questions for concern by having it installed
>> >on the first default Web instance. I would think that by changing the name
>> >of this first instance that there would be no difference then creating in
>> >other instance called "ABC". If anyone could please comment on this you
>> >would be very appreciated also if this is a security breach does anybody have
>> >any Microsoft documents to say that it is or better yet it's not
>>
>> All instances have the same security issues. There's nothing special
>> about the default site. If you're worried, and there's no reason to
>> be more worried than with any other site, delete the default site then
>> create a new one.
>>
>> Jeff
>>