RE: Securing IIS Server

["Roland Venter" <rolandv () xtra co nz>]

Another Link:

Security Wizards Guide: Securing IIS  
http://www.secwiz.com/Default.aspx?tabid=39


-----Original Message-----
From: Justin Martin [mailto:jmartin () gjonas com]
Sent: Thursday, 7 August 2003 4:09 a.m.
To: NR; security-basics () securityfocus com
Subject: RE: Securing IIS Server


Here is another link for you to look at



http://www.lokboxsoftware.com/securewin2k/



Justin

-----Original Message-----
From: salgak () speakeasy net [mailto:salgak () speakeasy net] 
Sent: Tuesday, August 05, 2003 1:04 PM
To: NR; security-basics () securityfocus com
Subject: Re: Securing IIS Server

> -----Original Message-----
> From: NR [mailto:nr6106 () hotmail com]
> Sent: Tuesday, August 5, 2003 10:22 AM
> To: security-basics () securityfocus com
> Subject: Securing IIS Server

> Hi,
>
> I have IIS Server in which i want to install IIS lockdown and URLScan,
> i heard they are very good to protect IIS server,
> are they worth installing, and if not, is there any other tools i can
use 
> to secure my IIS ?

FDISK /MBR and Install Linux or FreeBSD ???  (sorry, couldn't resist)

First, what version of IIS are we talking here ?  IIS 3 or 4 running on
NT, IIS 5 on 2000, or IIS 6 on 2003 ?

Then comes the task of hardening not just the IIS, but the server you're
running it on.  IIS is only PART of the task.  

If it's 2000,  start here:

http://nsa2.www.conxion.com/win2k/download.htm





------------------------------------------------------------------------
---
------------------------------------------------------------------------
----



---------------------------------------------------------------------------
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------