Security Basics mailing list archives

RE: Securing IIS Server

From: "Marc Maiffret" <marc () eeye com>
Date: Mon, 11 Aug 2003 10:27:49 -0700

Also check out SecureIIS. We have a free edition for personal use. So if
your looking for something like URLScan, but that actually works, grab
SecureIIS. The free version can be downloaded at
http://www.eeye.com/html/Products/SecureIIS/Download.html

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

| -----Original Message-----
| From: Roland Venter [mailto:rolandv () xtra co nz]
| Sent: Saturday, August 09, 2003 4:29 AM
| To: 'Justin Martin'; 'NR'; security-basics () securityfocus com
| Subject: RE: Securing IIS Server
|
|
| Another Link:
|
| Security Wizards Guide: Securing IIS
| http://www.secwiz.com/Default.aspx?tabid=39
|
|
| -----Original Message-----
| From: Justin Martin [mailto:jmartin () gjonas com]
| Sent: Thursday, 7 August 2003 4:09 a.m.
| To: NR; security-basics () securityfocus com
| Subject: RE: Securing IIS Server
|
|
| Here is another link for you to look at
|
|
|
| http://www.lokboxsoftware.com/securewin2k/
|
|
|
| Justin
|
| -----Original Message-----
| From: salgak () speakeasy net [mailto:salgak () speakeasy net]
| Sent: Tuesday, August 05, 2003 1:04 PM
| To: NR; security-basics () securityfocus com
| Subject: Re: Securing IIS Server
|
| > -----Original Message-----
| > From: NR [mailto:nr6106 () hotmail com]
| > Sent: Tuesday, August 5, 2003 10:22 AM
| > To: security-basics () securityfocus com
| > Subject: Securing IIS Server
|
| > Hi,
| >
| > I have IIS Server in which i want to install IIS lockdown and URLScan,
| > i heard they are very good to protect IIS server,
| > are they worth installing, and if not, is there any other tools i can
| use
| > to secure my IIS ?
|
| FDISK /MBR and Install Linux or FreeBSD ???  (sorry, couldn't resist)
|
| First, what version of IIS are we talking here ?  IIS 3 or 4 running on
| NT, IIS 5 on 2000, or IIS 6 on 2003 ?
|
| Then comes the task of hardening not just the IIS, but the server you're
| running it on.  IIS is only PART of the task.
|
| If it's 2000,  start here:
|
| http://nsa2.www.conxion.com/win2k/download.htm
|
|
|
|
|
| ------------------------------------------------------------------------
| ---
| ------------------------------------------------------------------------
| ----
|
|
|
| ------------------------------------------------------------------
| ---------
| ------------------------------------------------------------------
| ----------
|
|


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Re: Data Compression, (continued)
- - - Re: Data Compression Gabriel Orozco (Aug 07)
    - RE: Data Compression Paul Farag (Aug 07)
- Re: Securing IIS Server Simon Gray (Aug 06)
- RE: Securing IIS Server MeaCulpa (Aug 06)
- RE: Securing IIS Server Robinson, Sonja (Aug 06)
- Re: Securing IIS Server salgak (Aug 06)
- Re: Securing IIS Server chris (Aug 06)
- RE: Securing IIS Server Jay Woody (Aug 06)
- RE: Securing IIS Server Justin Martin (Aug 06)
  - RE: Securing IIS Server Roland Venter (Aug 11)
    - RE: Securing IIS Server Marc Maiffret (Aug 11)
- RE: Securing IIS Server Chris Neppes (Aug 06)