Re: HOW TO IIS -Security
- From: "Ken Schaefer" <kenREMOVE@xxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 29 May 2006 15:27:05 +1000
You can obtain the entire IIS Resource Kit from the Microsoft website for
free.
Alternatively, there is the book I mentioned (it covers IIS security)
Otherwise, depending on your time, you can search the web for the equivalent
content. but how much is your time worth?
Cheers
Ken
"phil" <philip.prabhakar@xxxxxxxxx> wrote in message
news:1148649040.533718.101610@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hey Thanks man for the suggestion
After Disabling this it works better, if you have any suggestion..let
me know..Meanwhile if u have any online site where i learn more about
IIS security just past it across. Thanks once again
regards
Philip
Ken Schaefer wrote:
"phil" <philip.prabhakar@xxxxxxxxx> wrote in message
news:1148542660.865052.202830@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello
thanks for reply
a) How do you know there is no security?
Well, as mentioned earlier that anyone can access this domain from
anywhere with read and write permissions...
How do you know they aren't sending credentials? Have you checked the
relevant IIS logfiles?
b)Are you allowing anonymous access?
Yes this is a public website
c)Do you have WebDAV enabled in the Web Service Extensions list?
Well Im new to this field so i don't know about this...well where can i
get the info on my machine whether WebDAV is enabled???
Open IIS Manager. There is a node called "Web Service Extensions". Locate
WebDav. Disable it.
If you need more help on securing IIS, I co-wrote a book with Bernard
Cheah
(another IIS MVP). You can order it from Amazon.com (or any other
bookstore):
http://www.amazon.com/exec/obidos/ASIN/1931836256/adopenstati0f-20
Cheers
Ken
regards
Phil
Ken Schaefer wrote:
Hi,
a) How do you know there is no security? Are you allowing anonymous
access?
Have you configured NTFS permissions to restrict which users can
access
the
files?
b) Do you have WebDAV enabled in the Web Service Extensions list? They
are
accessing the site via WebDAV by the looks of it - if you have it
enabled,
you need to take additional steps to restrict who can view what.
Otherwise
disable WebDAV if you don't need that functionality.
Cheers
Ken
"phil" <philip.prabhakar@xxxxxxxxx> wrote in message
news:1148532255.803316.252990@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi!! & Hello!!!
Well I have a server where I have hosted many sites on IIS 6.0. When
the users I mean the public users (anyone from anywhere) if they go
to
their Start->Run-> from windows and type the IP address(for eg
\\83.485.574.22) like this it opens up the default site with full
directory view and ...with all the files and folders. write
permission
.how can i stop this ??? i mean their is no security at all how can
i
stop this???
regards
Phil
.
- References:
- HOW TO IIS -Security
- From: phil
- Re: HOW TO IIS -Security
- From: Ken Schaefer
- Re: HOW TO IIS -Security
- From: phil
- Re: HOW TO IIS -Security
- From: Ken Schaefer
- Re: HOW TO IIS -Security
- From: phil
- HOW TO IIS -Security
- Prev by Date: ISAPI filter to block images....
- Next by Date: Re: ASP error script and trojan
- Previous by thread: Re: HOW TO IIS -Security
- Next by thread: Re: HOW TO IIS -Security
- Index(es):
Relevant Pages
|
