Re: HOW TO IIS -Security

Hey Thanks man for the suggestion
After Disabling this it works better, if you have any suggestion..let
me know..Meanwhile if u have any online site where i learn more about
IIS security just past it across. Thanks once again

regards
Philip

Ken Schaefer wrote:
"phil" <philip.prabhakar@xxxxxxxxx> wrote in message
news:1148542660.865052.202830@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello
thanks for reply

a) How do you know there is no security?
Well, as mentioned earlier that anyone can access this domain from
anywhere with read and write permissions...

How do you know they aren't sending credentials? Have you checked the
relevant IIS logfiles?



b)Are you allowing anonymous access?
Yes this is a public website

c)Do you have WebDAV enabled in the Web Service Extensions list?
Well Im new to this field so i don't know about this...well where can i
get the info on my machine whether WebDAV is enabled???

Open IIS Manager. There is a node called "Web Service Extensions". Locate
WebDav. Disable it.

If you need more help on securing IIS, I co-wrote a book with Bernard Cheah
(another IIS MVP). You can order it from Amazon.com (or any other
bookstore):
http://www.amazon.com/exec/obidos/ASIN/1931836256/adopenstati0f-20

Cheers
Ken



regards
Phil

Ken Schaefer wrote:
Hi,

a) How do you know there is no security? Are you allowing anonymous
access?
Have you configured NTFS permissions to restrict which users can access
the
files?

b) Do you have WebDAV enabled in the Web Service Extensions list? They
are
accessing the site via WebDAV by the looks of it - if you have it
enabled,
you need to take additional steps to restrict who can view what.
Otherwise
disable WebDAV if you don't need that functionality.

Cheers
Ken


"phil" <philip.prabhakar@xxxxxxxxx> wrote in message
news:1148532255.803316.252990@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi!! & Hello!!!

Well I have a server where I have hosted many sites on IIS 6.0. When
the users I mean the public users (anyone from anywhere) if they go to
their Start->Run-> from windows and type the IP address(for eg
\\83.485.574.22) like this it opens up the default site with full
directory view and ...with all the files and folders. write permission
.how can i stop this ??? i mean their is no security at all how can i
stop this???

regards
Phil



.

Relevant Pages

  • Re: HOW TO IIS -Security
    ... How do you know there is no security? ... c)Do you have WebDAV enabled in the Web Service Extensions list? ... Open IIS Manager. ... There is a node called "Web Service Extensions". ...
    (microsoft.public.inetserver.iis.security)
  • Re: What are the known security of IIS with WebDav??
    ... therefore i am searching some information about WebDav on the IIS ... Our internet hosting provider tells about some security problems with ... WebDav and they are wary for hosting WebDav. ... I think your internet hosting provider just doesn't want ...
    (microsoft.public.inetserver.iis.security)
  • Re: HOW TO IIS -Security
    ... there is the book I mentioned (it covers IIS security) ... IIS security just past it across. ... c)Do you have WebDAV enabled in the Web Service Extensions list? ... There is a node called "Web Service Extensions". ...
    (microsoft.public.inetserver.iis.security)
  • Will this prevent anonymous IIS connections?
    ... You can tell IIS what account to use for anonymous ... security, and where you can check "anonymous access", ... and we also have IIS running on it. ... >And, if it is not the case (i.e., if disabling those will ...
    (microsoft.public.win2000.security)
  • Anonymous access from web - yes or no?
    ... the Director Security of the Default Web Site in IIS? ... Will disabling this affect any inter-application/system processes?? ...
    (microsoft.public.windows.server.sbs)