General discussion

  • Creator
  • #2092305

    IIS4/Exchange Security question


    by kcrosby1 ·

    I have a Exchange Mail server that uses OWA. IIS4 is installed on the same server. No choice about that. I understand that there is a new SP4 for Exchange 5.5 but what else might I do to security IIS4 from unwanted attacks????…. Probably basic IIS4 security things that I might need to turn off.

    Any suggestions or pointed in the right directions would be appreciated,

    Thanks, Kevin/Detroit

All Comments

  • Author
    • #3878446

      IIS4/Exchange Security question

      by shanghai sam ·

      In reply to IIS4/Exchange Security question

      In my experience, good security begins with 3 things:
      a. Remove/disable any unnecessary services.
      b. Install the latest security patches.
      C. Monitor the system regularly.

      Follow those general rules, and you will be in good shape.
      If you’re looking for a more detailed checklist, MS has one specifically for NT 4.0 running IIS available at:

      Also, you should signup for notification of alll security related hotfixes. You can do this here:

    • #3878408

      IIS4/Exchange Security question

      by dao251 ·

      In reply to IIS4/Exchange Security question

      I would review your reasons for using OWA. Do you have many notebookless travelling people? Why don’t you just use Outlook?

      In case your big concern is security — you better remove OWA and leave only known services allowed — SMTP and RPC (the two Excahge ports IS & DS).

      Elsewhere you really need to spend some time learning potential holes, cover them thouroughly and subscribe to MS Security bulletins and fix your IIS almost weekly.

      I believe noone can answer you in two-three words like “close that and that”.


Viewing 1 reply thread