General discussion


IIS4/Exchange Security question

By kcrosby1 ·
I have a Exchange Mail server that uses OWA. IIS4 is installed on the same server. No choice about that. I understand that there is a new SP4 for Exchange 5.5 but what else might I do to security IIS4 from unwanted attacks????.... Probably basic IIS4 security things that I might need to turn off.

Any suggestions or pointed in the right directions would be appreciated,

Thanks, Kevin/Detroit

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

IIS4/Exchange Security question

by Shanghai Sam In reply to IIS4/Exchange Security qu ...

In my experience, good security begins with 3 things:
a. Remove/disable any unnecessary services.
b. Install the latest security patches.
C. Monitor the system regularly.

Follow those general rules, and you will be in good shape.
If you're looking for a more detailed checklist, MS has one specifically for NT 4.0 running IIS available at:

Also, you should signup for notification of alll security related hotfixes. You can do this here:

Collapse -

IIS4/Exchange Security question

by DAO251 In reply to IIS4/Exchange Security qu ...

I would review your reasons for using OWA. Do you have many notebookless travelling people? Why don't you just use Outlook?

In case your big concern is security -- you better remove OWA and leave only known services allowed -- SMTP and RPC (the two Excahge ports IS & DS).

Elsewhere you really need to spend some time learning potential holes, cover them thouroughly and subscribe to MS Security bulletins and fix your IIS almost weekly.

I believe noone can answer you in two-three words like "close that and that".


Related Discussions

Related Forums