Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Securing IIS Server

From: "MeaCulpa" <meaculpa () punkass com>
Date: Tue, 5 Aug 2003 21:46:49 +0200
It kinda depends on the functionality you want to keep.... IIS UrlScan
will protect you from various malformed URL's and you can use it to only
allow (for instance) http get and http put. You can also allow some
webdav commands, or entirely disable it (there is a registry key that
can do the same...).

IIS LockDown will just enable or disable stuff like ASP, SSI and will
protect some system files. The docs provided with the tools are good
enough to figure out what to expect....

meaculpa


-----Original Message-----
From: NR [mailto:nr6106 () hotmail com] 
Sent: Tuesday, August 05, 2003 12:22 PM
To: security-basics () securityfocus com
Subject: Securing IIS Server





Hi,

I have IIS Server in which i want to install IIS lockdown and 
URLScan, i heard they are very good to protect IIS server, 
are they worth installing, and if not, is there any other 
tools i can use to secure my IIS ?

Thanks and Regards
NR

--------------------------------------------------------------
-------------
--------------------------------------------------------------
--------------



---
Outgoing mail is has been checked with AVG,
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.504 / Virus Database: 302 - Release Date: 7/24/2003
 


---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: