IIS Security

If your department feels it needs to run its own IIS web server, please be aware that ITS does not support outside web servers and that your department is expected to fully support and secure the IIS server itself. The following links are a starting point:
 

IIS Security Checklists

For Windows NT 4.0, IIS 4.0:
http://www.microsoft.com/technet/itsolutions/security/tools/iischk.asp
 

For Windows 2000, IIS 5.0:
http://www.microsoft.com/technet/itsolutions/security/tools/iis5chk.asp
 

Security Sites

Microsoft TechNet Security Page:
http://www.microsoft.com/technet/security
 

Microsoft Security Tools:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/tools/tools.asp


eEye commercial IIS security:
http://www.eeye.com
 

Educause Security Systems Taskforce:
http://www.educause.edu/security/
 

CERT Internet Security Center:
http://www.cert.org/
 

IIS Sites

MS Windows 2000 Web and Application Services:
http://www.microsoft.com/windows2000/technologies/web/default.asp
 

IIS Hosting Kit:
http://www.microsoft.com/ISN/deployment/iis_hosting_p74416.asp
 

Windows 2000 IIS 5.0 Hotfix Checking Tool:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24168
 

HFCHECK.WSF consults an XML file list - either hosted on the Microsoft site or downloaded to the local machine - for the list of hotfixes available for IIS, then compares this list to the hotfixes installed on the local system. If a hotfix is missing, the tool notifies you.

Two other new hotfix tools worth mentioning are the Microsoft Personal Security Advisor and the MS Network Security Hotfix Checker.
 

Microsoft Personal Security Advisor (MPSA):
http://www.microsoft.com/technet/mpsa/start.asp
 

MPSA is an easy-to-use web application that will help you secure your Windows NT 4.0 or Windows 2000 computer system. Simply navigate to the MPSA site and press the Scan Now button to receive a detailed report of your computer's security settings and recommendations for improvement.
 

Microsoft Network Security Hotfix Checker (hfnetchk):
http://www.microsoft.com/technet/itsolutions/security/tools/hfnetchk.asp
 

You can use the MS Network Security Hotfix Checker to assess patch status for the Windows NT 4.0 and Windows 2000 operating systems, as well as for Internet Information Server 4.0 (IIS), Internet Information Services 5.0 (IIS), SQL Server 7.0, SQL Server 2000 (including Microsoft Data Engine [MSDE]), and Internet Explorer 5.01 or later.
