What Does It Take to Harden an IIS Web Server?
The purpose of this document is to shed some light on how to make it harder for an intruder to compromise the system. We’ll be going through securing a Windows 2000 server running IIS 5.0 and some of the tools that we can use to scan system(s) before putting it into production.
By Boris Napernikov, 04/27/2004

Securing an IIS 5.0 Web Server on Windows 2000 using Security Tools and Templates
The majority of the guides and documents available on Windows security have focused on recommended security configuration settings, or on the functionality of one tool or security template, examining the individual configuration settings recommended in the guide or made by the tool or template concerned. However, this paper attempts to give an overview of the security guides, tools and templates available from Microsoft, and to describe the basic steps involved in applying the tools and templates.
By Graeme McLintock, 04/27/2004

Creating a Stable and Secure Connection from a Remote Website to the Inside of a Network
This paper will examine the best way to grant remote access to the network of a very small business for employees who are out of the office on the road. After examining the benefits and disadvantages of various commercial and homegrown options available, the paper will describe how to set up an FTP server with Microsoft’s IIS (Internet Information Services), which is built in to Microsoft Windows 2000. The paper will then show how to harden IIS and then describe other measures to add defense in depth to the project. The paper concludes that IIS is an acceptable way to share files for certain organizations, but only if extra steps are taken to harden the system, and only as long as the organization in question is extremely small with a trusted group of employees who have a modicum of technical ability.
04/14/2004

Securing an IIS 4.0 web server, machine and all
The objective of this paper is to show how I secured my organization’s web server, which fatally crashed earlier this year. I will describe the steps taken in securing the server from OS (Operating System) to IIS (Internet Information Server) and the vulnerabilities corrected by the configuration. I will outline the state of security the web server was in before the crash and the final state of security the server was in after all the changes were made. The web server acts as an information server for those who wish to know about my organization. It provides them with technical information, location, maps, many links and many other things they might want to know about my organization. It also serves those of us in the organization when we are away from our home site. The web server provides the necessary links to our OWA (Outlook Web Access) accounts for those employees that need to travel throughout the world.
04/03/2004

Quick Guide to IIS Web Server Security
With more and more companies placing their business online, whether it’s e-commerce or B2B, System Administrators have to learn how to secure their systems on the fly. Keeping systems up and running is difficult enough without having to make sure that someone with ill intentions does not bring them down. So where does the busy Systems Administrator go to acquire the knowledge needed to protect their systems and calm the rising fears of management? The fastest way to beat the learning curve is to learn from those who have done it. I am a systems administrator who took over an e-commerce/B2B “web farm” six months ago. Prior to this position, I was the SMS (Microsoft Systems Management Server) administrator. All the servers and software I worked on resided behind the corporate firewall in the corporate private network. I had very little experience with IIS and I was even less knowledgeable about firewalls.
03/28/2004

Securing IIS6: From the OS, Up
This document provides a detailed look at securing Internet Information Services v6.0 (IIS6), using a combination of security templates and manual techniques. In order to provide the most secure installation of IIS possible, the paper first looks at securing the base operating system, Windows Server 2003 (Win2K3). The process will be covered completely: creating a hardened baseline on which to install IIS6, hardening the web server itself, and manually tweaking settings to conform to a custom environment. Finally, the paper also explains methods of analyzing and verifying the prescribed security settings.
03/28/2004

Securing End User Active Server Page Applications on an Intranet
End user computing solutions have evolved from the mainframe to the personal computer and now to the web. Business partners must be empowered to create their own applications, but the enterprise must still ensure that adequate control and security is in place. This can be especially challenging in a Microsoft IIS intranet environment, as Microsoft has made it easy for end user developers to create powerful, but unsecure, applications. Creation of highly secure applications can require more skills than are possessed by the average end user developer and compromises may need to be made. This paper discusses the evolution of end user computing as well as the issues involved, and explores a number of techniques which can be used to secure end user applications in a Microsoft IIS 4.0 intranet environment.
03/23/2004

Basic IIS Lockdown Using Scripts and Group Policy
Microsoft Active Directory and Group Policy have a feature-rich set of tools and processes to help save an administrator time and energy in maintaining security within the domain. Locking down a server requires many steps to complete, and depending on the extent to which the server is locked down, it can take up to several hours. This paper is primarily written for system administrators who want to make their life managing IIS easier using scripts with Active Directory and Group Policy.
03/22/2004

A day in the life of Directory Traversal and IIS
The exploitation of this vulnerability could have been completely avoided if all system administrators applied a patch in August of 2000. However, they did not, and due to this, many web servers were attacked using this vulnerability. Defacements were not the primary problem here though. Malicious script writers, those who create Trojans and viruses, took this exploit, used primarily for defacing at the time, and created perhaps the worst worm in internet history, NIMDA. This is why I have chosen to write a comprehensive practical on the entire vulnerability with some of its history outlined, as well as steps to take to protect yourself from this vulnerability. If all System Administrators had taken these steps back in August 2000, perhaps the Code Red, Nimda and other programs, worms and Trojans would never have been created.
03/21/2004

IIS 6.0 Security
The popularity of web servers as a prime target for crackers and worm writers around the globe made IIS a natural place for Microsoft to focus its Trustworthy Computing Initiative. As a result, IIS has been completely redesigned to be secure by default and secure by design. This article discusses the major default configuration and design changes incorporated in IIS 6.0 to make it a more secure platform for hosting critical web applications.
03/09/2004