IIS security question
#1
Scooby Regular
Thread Starter
Join Date: Nov 1999
Location: Stockport
Posts: 474
Likes: 0
Received 0 Likes
on
0 Posts
Hi,
I'm in the process of setting up an IIS server for work. Do I need to run a firewall and virus checker on the server or should it be ok without as long as all the latest patches/fixes are installed?
Cheers
Rob
I'm in the process of setting up an IIS server for work. Do I need to run a firewall and virus checker on the server or should it be ok without as long as all the latest patches/fixes are installed?
Cheers
Rob
#5
Scooby Regular
Join Date: Nov 2001
Location: Leeds - It was 562.4bhp@28psi on Optimax, How much closer to 600 with race fuel and a bigger turbo?
Posts: 15,239
Likes: 0
Received 1 Like
on
1 Post
Connected to the net as in Internet or internal Lan?
If its just sat on internet I would at a minimum block all ports other than 80 and open up whatever you need...
David
If its just sat on internet I would at a minimum block all ports other than 80 and open up whatever you need...
David
#7
Scooby Regular
Join Date: Nov 2001
Location: Leeds - It was 562.4bhp@28psi on Optimax, How much closer to 600 with race fuel and a bigger turbo?
Posts: 15,239
Likes: 0
Received 1 Like
on
1 Post
do it under network properties, tcp/ip, properties, advanced, enable security.... I would still recommend a firewall though!
David
David
Trending Topics
#10
Scooby Regular
Join Date: Sep 2001
Location: Kingston ( Surrey, not Jamaica )
Posts: 4,670
Likes: 0
Received 0 Likes
on
0 Posts
Sorry, but the safest thing would be to not install IIS unless you absolutely have to. Can't you use apache ?
And block all ports apart from 80 , and rename the administrator account and run an anti-virus and sit it behind a firewall and all of the other lockdown stuff .
Steve
#12
Scooby Regular
Join Date: Sep 2001
Location: Kingston ( Surrey, not Jamaica )
Posts: 4,670
Likes: 0
Received 0 Likes
on
0 Posts
Tie it all down then. Run a firewall in front of it - if you are tight on time or the beancounters are having an off day, then a smoothwall will be enough. Don't use a software firewall on anything like a production machine.
Steve
Steve
#13
1) Patch IIS
2) Get a firewall (you could use a software one, hardware is better)
3) Patch IIS (there will be a new one by now!)
Bascially, you want to disable everything you're not going to be using. If this is your first attempt then I would suggest you leave the machine on the net for a week or so BEFORE you add anything even remotely important to it!
Also, make sure its not connected to the rest of your network - if it is then pay someone who knows what they're going (because you'll need a DMZ for it and its SO easy to get it wrong).
If you're determined to DIY then Securing win2k/NT servers for the Internet by O'Reilly is a must have as is the IIS Lockdown tool from MS (does a lot of the stuff for you).
2) Get a firewall (you could use a software one, hardware is better)
3) Patch IIS (there will be a new one by now!)
Bascially, you want to disable everything you're not going to be using. If this is your first attempt then I would suggest you leave the machine on the net for a week or so BEFORE you add anything even remotely important to it!
Also, make sure its not connected to the rest of your network - if it is then pay someone who knows what they're going (because you'll need a DMZ for it and its SO easy to get it wrong).
If you're determined to DIY then Securing win2k/NT servers for the Internet by O'Reilly is a must have as is the IIS Lockdown tool from MS (does a lot of the stuff for you).
#16
Scooby Regular
Thread Starter
Join Date: Nov 1999
Location: Stockport
Posts: 474
Likes: 0
Received 0 Likes
on
0 Posts
A hardware firewall is out of the question at the moment. The server is in a remote location at the moment. We'll possibly move it in house in the future depending on how things go.
Anyone got any suggestions for a good (cheap) firewall. Personally I use Sygate at the moment and was thinking of using that. Not too keen on Zonealarm cos I've had a few problems with that in the past.
Cheers for all the help
Rob
Anyone got any suggestions for a good (cheap) firewall. Personally I use Sygate at the moment and was thinking of using that. Not too keen on Zonealarm cos I've had a few problems with that in the past.
Cheers for all the help
Rob
Thread
Thread Starter
Forum
Replies
Last Post
Brzoza
Engine Management and ECU Remapping
1
02 October 2015 05:26 PM
The Joshua Tree
Computer & Technology Related
30
28 September 2015 02:43 PM