[dba-Tech] Securing IIS

Haslett, Andrew andrew.haslett at ilc.gov.au
Thu Nov 27 03:54:24 CST 2003


There are some good webcasts about IIS security also. A search at MS will
find them.

If you can get Win2003 - IIS6 is a huge improvement, especially
security-wise.

Cheers,
Andrew

-----Original Message-----
From: Erwin Craps [mailto:Erwin.Craps at ithelps.be]
Sent: Thursday, 27 November 2003 8:13 PM
To: Discussion of Hardware and Software issues
Subject: RE: [dba-Tech] Securing IIS


Microsoft has a Lockdown tool and URL scan.
Don't have the link but you should find it quite easily on the IIS website
of MS.

Also use the MSBA Security Base Analyzer or something.
This will scan your system for missing fixes other than windows update.
You should find this pretty easily on technet.

And then you would need some luck too...
It's pretty wild out there :-)

Between 50 and 400 attempts is pretty normal... (in my experience)

One good piece of advice:
NEVER PUT A WEBSERVER ONLINE BEFORE IT'S FULLY PATCHED AND SECURED AND
PREFERABLY BEHIND A FIREWALL.
If you do so, your server is hacked, infected or trojaned within 5
minutes.


Erwin


-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of John W.
Colby
Sent: Thursday, November 27, 2003 10:23 AM
To: DBA - Tech
Subject: [dba-Tech] Securing IIS

Can anyone point me to a good primer on securing IIS, preferably
online?  I am trying to get an IIS server going on my in-house server to
demo web sites to clients and just don't want my system exposed to hackers.

John W. Colby
www.ColbyConsulting.com


_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com
