RE: Tools for IIS security check

["Jimmy Sansi" <jsansi () ritzfoodservice com>]

A couple of quick suggestions (in case you haven't already, since
you didn't mention what precautions you have taken so far) 
Make sure your at the latest service pack, and up to date with 
hotfixes(windows update usually works for this). Run something 
like hfnetchk(now a part of some new security tool they have) 
against the machine, read the noted security bulletins and apply 
the neccesary patches. MS also has the IIS lockdown tool which 
could help. 

As you suggested a program to look at available ports is handy, 
I happen to use nmap for a quick and dirty look to see what 
is open.

Unless you absolutely have to I would put the machine behind
some sort of firewall, or if you can't disable all un-neccesary
services and run some sort of software firewall package.

I don't know if you can 'secure completely' a machine that
is connected to the internet however with a few precautions
your much better off. To better your odds you have to stay
up to date with the latest vulerabilities and keep the machine
patched.

-Jimmy

-----Original Message-----
From: Harish Gondavale [mailto:hardgo () yahoo com]
Sent: Wednesday, December 18, 2002 9:25 AM
To: SECURITY-BASICS () SECURITYFOCUS COM
Subject: Tools for IIS security check


Hi all,

Can somebody give few good free tools' name, which can
be used to verify that IIS is secured completely?

I know few of them : Nessus, Nikto

Thanks for all your help.

Bye.

Harish 


__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com