Tips and Tricks
A place to store useful info I don't want to lose




Locking Down an IIS Box

Microsoft released the latest IIS Lockdown tool last week. On that note, we thought we could help you out with some info on securing an IIS box. Credit to Mark Burnett and eEye's Marc Maiffret for the following info on locking down IIS.

Hardened configurations are a GREAT start, but they are not the end of it all, nor is any single good security configuration or product. Your environment will dictate what you do. You need everything, and then you still need to pray to the server gods at night. This prayer includes having the SecureIIS god on your side.

Most of these preventive measures are common steps that appear on many security checklists. In fact, there are eight basic steps that prevent most attacks:

  1. Put IIS on its own partition.
  2. Use packet filtering to block unused ports.
  3. Do not use FrontPage Server Extensions or WebDAV on a production server.
  4. Disable all unused services or Windows components.
  5. Remove all unused ISAPI script mappings.
  6. Set the minimum required IIS permissions (do not allow script/executables if you are not using them).
  7. Set proper NTFS permissions.
  8. Do not put sensitive information in ASP files.
  9. Use the MaxClientRequestBuffer (see Q260694).

Of course, it is important to install service packs and hotfixes, and it helps to have third-party add-ons for an additional layer of protection. We can help you manage the hotfixes too with UpdateEXPERT.
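
Step 5 of the checklist above, as an added example that is not part of the original newsletter item: a Python script that takes a script-mapping listing plus the extensions a site actually serves, and reports which mappings to remove and which handler DLLs stay reachable afterwards. The listing layout (IIS 5 metabase `ScriptMaps` entries), the sample entries and the function names are assumptions.

```python
# Added example (not from the original page): find unused IIS script mappings.
# Assumption: each entry follows the IIS 5 metabase ScriptMaps layout
#   "<extension>,<handler path>,<flags>[,<verb>,...]"

# Constructed sample listing, not taken from a real server.
SAMPLE_SCRIPTMAPS = r"""
.asp,C:\WINNT\System32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE
.asa,C:\WINNT\System32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE
.cer,C:\WINNT\System32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE
.htr,C:\WINNT\System32\inetsrv\ism.dll,1,GET,POST
.ida,C:\WINNT\System32\idq.dll,0,GET,HEAD,POST
.idq,C:\WINNT\System32\idq.dll,0,GET,HEAD,POST
.printer,C:\WINNT\System32\msw3prt.dll,1,GET,POST
"""

def parse_scriptmaps(text):
    """Parse a ScriptMaps listing into (extension, handler) pairs."""
    pairs = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = [p.strip() for p in line.split(",")]
        # "*" is a wildcard mapping; anything else must look like ".ext".
        if len(parts) < 3 or not (parts[0] == "*" or parts[0].startswith(".")):
            raise ValueError(f"line {lineno}: not a script mapping: {line!r}")
        # Windows paths and extensions are case-insensitive, so normalise.
        pairs.append((parts[0].lower(), parts[1].lower()))
    return pairs

def audit(pairs, extensions_in_use):
    """Split mappings into keep/remove and list handlers left with no mapping."""
    in_use = {e.lower() for e in extensions_in_use}
    keep = [(e, h) for e, h in pairs if e in in_use]
    remove = [(e, h) for e, h in pairs if e not in in_use]
    still_mapped = {h for _, h in keep}
    return {
        "remove": sorted(e for e, _ in remove),
        # Handlers reachable only through mappings slated for removal.
        "handlers_unmapped": sorted({h for _, h in remove} - still_mapped),
        # Handlers that stay reachable because a kept extension uses them.
        "handlers_still_mapped": sorted(still_mapped),
    }

if __name__ == "__main__":
    report = audit(parse_scriptmaps(SAMPLE_SCRIPTMAPS), [".asp", ".asa"])
    for key, values in report.items():
        print(f"{key}: {', '.join(values)}")
```

A handler listed under `handlers_still_mapped` remains exposed through the extensions that were kept, so removing one of its other extensions does not take that DLL out of the request path.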

You want to follow the recommended best practices and hardening checklists for Windows and IIS. A streaming video of SecureIIS, setup and config, 10 minutes, WM8: and click on the QUICKDEMO Icon. Eval downloads available too.

W2Knews Oct 21, 2002 (Vol. 7, #67 - Issue #398)
Copyright Sunbelt Software Distribution, Inc. 1996-2002.



© Copyright 2002 Eric Hartwell.
Last update: 11/4/2002; 5:45:30 PM.


