Definition of IIS
Defined as: Internet Information Services or Server. A set of Internet based services for Windows machines. Originally supplied as part of the Option Pack for Windows NT, they were subsequently integrated with Windows 2000 and Windows Server 2003. The current (Windows 2003) version is IIS 6.0 and includes servers for FTP, SMTP, NNTP and HTTP/HTTPS.
|
|
IIS
|
|
Mask Your Web Server for Enhanced Security
Masking or anonymizing a Web server involves removing identifying details that intruders could use to detect your OS and Web server vendor and version. This information, while providing little or no utility to legitimate users, is often the starting place for crackers, blackhat hackers and "script kiddies". This article explores some ways you can minimize the risk of such detection. Most of the following examples focus on Microsoft's Internet Information Services (IIS) Web server, since it has been most widely lambasted for its vulnerabilities, but some Apache detection countermeasures are also covered. While IIS users probably have the most vested interest here, server anonymization is relevant to anyone responsible for administering a Web server.
Read the Article
|
IIS Security Tips
The only way to barely make it in the world of IIS web servers is to guard yourself from the attacks that are yet to come. Basically it does not matter how many service packs or hotfixes you install there will always be that one new hole that comes out that bites you in the ass.
Read the Article
|
IIS Lockdown and Urlscan
The security posture of a web application can be severely undermined if the underlying web server software is vulnerable. The web server software is the most visible and easy to exploit part of a web application. Even if the web application itself is impregnable it can be subject to serious security breaches if the underlying web server platform is insecure.
Read the Article
|
Securing IIS on Windows 2000
There are more vulnerabilities and attacks for web servers than any other type. With the convenience of the Internet and the growing pressure to "have a web presence", people and businesses are installing web servers right and left. Windows 2000 and Internet Information Server (IIS) are making this incredibly easy, but what about the risks? By its very design, a web server is intended to make information accessible, not protect it.
Read the Article
|
How to detect hackers on your web server
This white paper focuses on how administrators can set up their web servers successfully and safely. Describing the tools used by hackers to gain backdoor access to your IIS web servers, this paper details the necessary steps to detect successful intrusions on your network, as well as explaining how to prevent such attacks to your web server.
Read the Article
|
Maintaining Credible IIS Log Files
As I mined through hundreds of log files stored on the Web servers, I came across one log file that had, among the thousands of log entries, a single blank line. I checked the last modified date of that file and found that it had been modified two days after the log file was closed. Hundreds of megabytes of log file evidence suddenly became useless due to a single blank line. Because the log files were stored on the same server that was compromised, the intruder could have easily removed evidence or, worse, replaced it with false evidence pointing to someone else. The modification of one log file is compelling reason to question the validity of every log file on that server.
Read the Article
|
21 Things IIS 6.0 Migration Tool Doesn't Do
The Internet Information Services (IIS) 6.0 Migration Tool (IISMT) is a free command-line utility from Microsoft that allows you to automate the migration of one or more Web sites or Web applications from IIS 4.0/5.0/6.0 to an IIS 6.0 computer running on Windows Server 2003. In this article we will focus on the limitations of IISMT so you can determine if the tool is going to be an appropriate solution for your particular environment. For information on how the tool works and the command-line syntax, check out the documentation that comes with the tool.
Read the Article
|
Securing an IIS Web Server Using Novell's iChain
This paper will step through the design process, reasons behind the design chosen as well as the recommendations of securely implementing Novell's reverse proxy, iChain, to secure a web server. Providing basic steps to get a web server online and front-ending it with iChain is outside the scope of this document. I will however discuss the in-depth details of properly securing the iChain proxy server itself and the details of getting the proposed design to work securely.
Read the Article
|
|
|
Members currently browsing this category:
|
|
