Security Basics mailing list archives
RE: Securing IIS Server
From: "Marc Maiffret" <marc () eeye com>
Date: Mon, 11 Aug 2003 10:27:49 -0700
Also check out SecureIIS. We have a free edition for personal use. So if your looking for something like URLScan, but that actually works, grab SecureIIS. The free version can be downloaded at http://www.eeye.com/html/Products/SecureIIS/Download.html Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9538 http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris - Network Traffic Analyzer http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities | -----Original Message----- | From: Roland Venter [mailto:rolandv () xtra co nz] | Sent: Saturday, August 09, 2003 4:29 AM | To: 'Justin Martin'; 'NR'; security-basics () securityfocus com | Subject: RE: Securing IIS Server | | | Another Link: | | Security Wizards Guide: Securing IIS | http://www.secwiz.com/Default.aspx?tabid=39 | | | -----Original Message----- | From: Justin Martin [mailto:jmartin () gjonas com] | Sent: Thursday, 7 August 2003 4:09 a.m. | To: NR; security-basics () securityfocus com | Subject: RE: Securing IIS Server | | | Here is another link for you to look at | | | | http://www.lokboxsoftware.com/securewin2k/ | | | | Justin | | -----Original Message----- | From: salgak () speakeasy net [mailto:salgak () speakeasy net] | Sent: Tuesday, August 05, 2003 1:04 PM | To: NR; security-basics () securityfocus com | Subject: Re: Securing IIS Server | | > -----Original Message----- | > From: NR [mailto:nr6106 () hotmail com] | > Sent: Tuesday, August 5, 2003 10:22 AM | > To: security-basics () securityfocus com | > Subject: Securing IIS Server | | > Hi, | > | > I have IIS Server in which i want to install IIS lockdown and URLScan, | > i heard they are very good to protect IIS server, | > are they worth installing, and if not, is there any other tools i can | use | > to secure my IIS ? | | FDISK /MBR and Install Linux or FreeBSD ??? (sorry, couldn't resist) | | First, what version of IIS are we talking here ? IIS 3 or 4 running on | NT, IIS 5 on 2000, or IIS 6 on 2003 ? | | Then comes the task of hardening not just the IIS, but the server you're | running it on. IIS is only PART of the task. | | If it's 2000, start here: | | http://nsa2.www.conxion.com/win2k/download.htm | | | | | | ------------------------------------------------------------------------ | --- | ------------------------------------------------------------------------ | ---- | | | | ------------------------------------------------------------------ | --------- | ------------------------------------------------------------------ | ---------- | | --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Data Compression, (continued)
- Re: Data Compression Gabriel Orozco (Aug 07)
- RE: Data Compression Paul Farag (Aug 07)
- Re: Securing IIS Server Simon Gray (Aug 06)
- RE: Securing IIS Server MeaCulpa (Aug 06)
- RE: Securing IIS Server Robinson, Sonja (Aug 06)
- Re: Securing IIS Server salgak (Aug 06)
- Re: Securing IIS Server chris (Aug 06)
- RE: Securing IIS Server Jay Woody (Aug 06)
- RE: Securing IIS Server Justin Martin (Aug 06)
- RE: Securing IIS Server Roland Venter (Aug 11)
- RE: Securing IIS Server Marc Maiffret (Aug 11)
- RE: Securing IIS Server Roland Venter (Aug 11)
- RE: Securing IIS Server Chris Neppes (Aug 06)