Security Basics mailing list archives
RE: Tools for IIS security check (fwd)
From: tetsujin () attbi com
Date: Thu, 19 Dec 2002 18:56:53 +0000
On top of that.. you may want to look at using IPSec to secure your IIS Server on top of that. There is a great article on Microsoft's Website(I used this as a point in my paper for my SANS GIAC/GCWN paper) http://www.microsoft.com/serviceproviders/columns/using_ipsec.asp Enjoy Shannon Atkinson ---------------------- Forwarded Message: --------------------- From: "Jimmy Sansi" <jsansi () ritzfoodservice com> To: "'Harish Gondavale'" <hardgo () yahoo com>, <SECURITY-BASICS () SECURITYFOCUS COM> Subject: RE: Tools for IIS security check Date: Wed, 18 Dec 2002 10:05:01 -0800 A couple of quick suggestions (in case you haven't already, since you didn't mention what precautions you have taken so far) Make sure your at the latest service pack, and up to date with hotfixes(windows update usually works for this). Run something like hfnetchk(now a part of some new security tool they have) against the machine, read the noted security bulletins and apply the neccesary patches. MS also has the IIS lockdown tool which could help. As you suggested a program to look at available ports is handy, I happen to use nmap for a quick and dirty look to see what is open. Unless you absolutely have to I would put the machine behind some sort of firewall, or if you can't disable all un-neccesary services and run some sort of software firewall package. I don't know if you can 'secure completely' a machine that is connected to the internet however with a few precautions your much better off. To better your odds you have to stay up to date with the latest vulerabilities and keep the machine patched. -Jimmy -----Original Message----- From: Harish Gondavale [mailto:hardgo () yahoo com] Sent: Wednesday, December 18, 2002 9:25 AM To: SECURITY-BASICS () SECURITYFOCUS COM Subject: Tools for IIS security check Hi all, Can somebody give few good free tools' name, which can be used to verify that IIS is secured completely? I know few of them : Nessus, Nikto Thanks for all your help. Bye. Harish __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com
Current thread:
- RE: Tools for IIS security check (fwd) tetsujin (Dec 20)