General discussion

Locked

IIS Security Tool?

By TomSal ·
Hi all. I have a quick question. I don't know if this person was just talking BS or not..but I was on a usenet the other day (I asked for information on the usenet group but no one has helped yet) where someone mentioned a software utility that you run on an IIS web server and it will test its security and they report its readiness to you.

Is this a made up tool? If not what's it called and where can I get it - I'm interested in using it.

Thanks.

Besides the tool, is there a document anywhere that has a checklist of security items for IIS servers?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Its a shame really...

by TomSal In reply to Btw: That King guy Is Bab ...

I don't know about you, but I've been with TR for a while - since it was beta, like many forums on the 'net its quality is starting to sag....the infusion of pranksters, annoying people, and AOL kiddies is being noticed more and more in these discussions. With the easy ID swapping you can do on here I'm not surprised one bit if one kiddie isn't the real ID behind a dozen names.

Oh well...just a shame that's all.

Collapse -

sorry

by SaraMiller In reply to IIS Security Tool?

WELL TOM I AM VERY SORRY BUT I AM UNDER MY HUSBANDS NAME...I THOUGHT YOU WOULD BE ABLE TO FIGURE IT OUT BUT I GUESS NOT....AND YOUR COMMENT TO THE OTHER GUY ABOUT "EXCUSE ME WHILE I GO INSULT THE OTHER GUY" MEANING ME WAS QUITE OFFENSIVE, I HAVE SENT YOUR NAME IN TO BE WARNED BECAUSE OF YOUR CRUED TALK, I WAS TRYING TO HELP YOU BUT I GUESS YOUR A HOMOPHOBIC MAN WITH A BIG PROBLEM

Collapse -

Thanks for explaining..my turn

by TomSal In reply to sorry

Well, I see things as they are and respond accordingly..on the 'net especially. Your posted named was not 'SaraMiller' as I recall on the original reply, assuming that I myself know how easy it is to switch names and therefore it automatically updates in all forums. Furthermore, how would I be able to "Figure it out" as you state? From a Techrepublic handle - that you can switch on the fly? If I was that good, I'd play lottery all day. I stand by my original replies, I personally don't thinkI was out of line and I still think your post was fishy...for instance - it sounded silly, you offered no real help and just agreed with what I posted. With the rash of AOL kiddies appearing in the discussions, my immediate thought - right or wrong,was thinking this was another instance of that.

However, since its beyond stupid and immature to squabble over such issues...I'm sorry if I offended you in the end. However, I don't retract what I said in the other posts in this thread and as faras warning TR about my post...do whatever allows you to feel warm and fuzzy inside and please have a nice day.

Collapse -

Thanks for explaining..my turn

by TomSal In reply to sorry

Well, I see things as they are and respond accordingly..on the 'net especially. Your posted named was not 'SaraMiller' as I recall on the original reply, assuming that I myself know how easy it is to switch names and therefore it automatically updates in all forums. Furthermore, how would I be able to "Figure it out" as you state? From a Techrepublic handle - that you can switch on the fly? If I was that good, I'd play lottery all day. I stand by my original replies, I personally don't thinkI was out of line and I still think your post was fishy...for instance - it sounded silly, you offered no real help and just agreed with what I posted. With the rash of AOL kiddies appearing in the discussions, my immediate thought - right or wrong,was thinking this was another instance of that.

However, since its beyond stupid and immature to squabble over such issues...I'm sorry if I offended you in the end. However, I don't retract what I said in the other posts in this thread and as faras warning TR about my post...do whatever allows you to feel warm and fuzzy inside and please have a nice day.

Collapse -

What I have heard

by meshyslanky In reply to IIS Security Tool?

Hello, well i am new to your little group here but i hope that you will all welcome me into it. I had heard the same thing the other day except I had also heard that you were charged a fee for everytime you used this service. I had heard it via email through another friend of mine. I will check w/ them and report back w/ any further info. I had also heard that it isnt too often that "they" make this aavailable to people. In terms of they I am referring to the big top executives that run the mainframes and they told me. They are my friends in China...thats where Myshy is from. Do you want me to tell you more about that? I just came here. I am loking for friends you know?

Collapse -

Meshy

by LordInfidel In reply to What I have heard

Check out my answers post above.

There is no fee for the tools that M$ made public.

If you **CALL** M$, then yes you need a CC and they will charge you.

But I do not believe that is the point of this discussion.

M$ does have several tools available. Some from the resource kits, others downloadable off the web.

Hfnetchk is probably the one that is being referenced. It is the one that checks your system for patches.

Basically it downloads an xml file from M$ each time you run it. The file then checks your system for the patch signatures that is in the xml for the M$ programs that you have installed. If it finds one missing it will tell you and it will tell you the KB # as well as the patch ID.

I've used it well over 100x's already. No bills have come in from M$.

Hope this helps

Collapse -

Whatever!

by meshyslanky In reply to Meshy

I am the new person here and you are not very friendly. Ok so I am not COMPLETELY right mr. expert...but lets not jump off into the deep end. You definately are wound alittle to tight today!

Collapse -

I meant

by LordInfidel In reply to Whatever!

I meant.... Look at my post above so you have something to reference against. I did not feel like retyping it.

The post was not meant as deragatory in any way. I was playing on words by saying....

If you CALL M$, they will charge you... Likean FYI/heads up sort of thing.

I was not blasting you. You would definetly know it if I was, I can be very very cruel.

Again the post was meant as a "friendly" post. Not a blast.

Collapse -

Scanning tool

by nocahoma In reply to IIS Security Tool?

This may help. MS has a website that will scan a machine for security weaknesses of all kinds. Try this out. It'll tell you what patches you need. I haven't tried it on an IIS server, but it works great with the servers I have used it on. Here's the link.

http://www.microsoft.com/technet/mpsa/start.asp

Collapse -

Microsoft Network Security Hotfix

by dmcneel In reply to IIS Security Tool?

Our company consults extesively regarding Internet security and how organizations may secure their networks. This tool will allow you to determine the level of KNOWN vulnerabilities. You will find it to be quite robust. If you intend to use or are using Microsoft as the OS for any web enabled server, I HIGHLY reccomend using this tool before going live.

This is an excerpt from the Microsoft Knowledge base. (support.microsoft.com) Simply enter a search for hfnetchk or article Q303215. The article also has links to download the tool.

This article provides information about the Hfnetchk tool (Hfnetchk.exe), which is a command-line tool that administrators can use to centrally assess a computer or group of computers for the presenceor absence of security patches.

You can use the Hfnetchk tool to assess patch status for the Windows NT 4.0 and Windows 2000 operating systems, as well as hotfixes for Internet Information Server 4.0 (IIS), Internet Information Services 5.0 (IIS), SQL Server 7.0, and SQL Server 2000 (including Microsoft Data Engine [MSDE]), and Internet Explorer 5.01 or later.

Related Discussions

Related Forums