Security Basics mailing list archives
RE: Seeking IIS v6 checklist and clarification on authentication
From: "Carl Davis" <cdavis () rvasi com>
Date: Sun, 7 May 2006 01:21:57 -0500
Here are some links to resources. Hope these help.

Windows 2003/IIS 6.0 DMZ Hardening Guidelines
http://www.shebeen.com/win2003/

Securing Internet Information Services 6.0
http://www.microsoft.com/smallbusiness/support/articles/sec_iis_6_0.mspx

IIS 6.0 Security Best Practices
http://technet2.microsoft.com/WindowsServer/en/Library/ace052a0-a713-423e-8e8c-4bf198f597b81033.mspx

Security in IIS 6.0 (links to resources)
http://technet2.microsoft.com/WindowsServer/en/Library/354f4539-982a-418c-bfe7-4d5155b83f4a1033.mspx

Checklist: ASP Security (IIS 6.0)
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/d2e896b5-97af-4b74-89be-55a30e1030e2.mspx?mfr=true

Microsoft IIS Hardening Checklist
www.uchsc.edu/is/security/IISHardeningChecklist.pdf

Cheers,
Carl Davis, C|EH, CISSP, MCSE, CCSA
Site: http://www.rvasi.com
Forum: http://www.rvasi.com/forum

-----Original Message-----
From: Pranav Lal [mailto:pranav.lal () gmail com]
Sent: Tuesday, May 02, 2006 11:32 AM
To: security-basics () securityfocus com
Subject: Seeking IIS v6 checklist and clarification on authentication

Hi all,

I need a checklist for hardening IIS, that is, Internet Information Services v6. I have found several guides on IIS v5 but very little on v6.

This brings me to my next point. I have found an article or 2 that explains the differences between IIS v5 and v6. One key difference was regarding authentication. The IIS v5 checklist suggests that basic and direct authentication should be disabled in IIS v5 since reversible encryption is used, especially in direct authentication. Is this true? I believe this has changed in IIS v6, but what is the change?

Pranav