Security Basics mailing list archives
RE: Tools for IIS security check
From: "Jimmy Sansi" <jsansi () ritzfoodservice com>
Date: Wed, 18 Dec 2002 10:05:01 -0800
A couple of quick suggestions (in case you haven't already, since you didn't mention what precautions you have taken so far) Make sure your at the latest service pack, and up to date with hotfixes(windows update usually works for this). Run something like hfnetchk(now a part of some new security tool they have) against the machine, read the noted security bulletins and apply the neccesary patches. MS also has the IIS lockdown tool which could help. As you suggested a program to look at available ports is handy, I happen to use nmap for a quick and dirty look to see what is open. Unless you absolutely have to I would put the machine behind some sort of firewall, or if you can't disable all un-neccesary services and run some sort of software firewall package. I don't know if you can 'secure completely' a machine that is connected to the internet however with a few precautions your much better off. To better your odds you have to stay up to date with the latest vulerabilities and keep the machine patched. -Jimmy -----Original Message----- From: Harish Gondavale [mailto:hardgo () yahoo com] Sent: Wednesday, December 18, 2002 9:25 AM To: SECURITY-BASICS () SECURITYFOCUS COM Subject: Tools for IIS security check Hi all, Can somebody give few good free tools' name, which can be used to verify that IIS is secured completely? I know few of them : Nessus, Nikto Thanks for all your help. Bye. Harish __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com
Current thread:
- Tools for IIS security check Harish Gondavale (Dec 18)
- RE: Tools for IIS security check Jimmy Sansi (Dec 19)
- Re: Tools for IIS security check N30 (Dec 19)
- Re: Tools for IIS security check Rahul Chander Kashyap (Dec 19)
- RE: Tools for IIS security check Dominick Sardina (Dec 19)
- Re: Tools for IIS security check GSimmonds (Dec 20)
- <Possible follow-ups>
- re: Tools for IIS security check H C (Dec 19)
- RE: Tools for IIS security check Janssen, Steph (Dec 19)
- RE: Tools for IIS security check Rosado, Rafael (Rafael) (Dec 20)
- RE: Tools for IIS security check Mike Heitz (Dec 20)
- Re: Tools for IIS security check gorski2003 (Dec 20)