General discussion


Steps to secure an IIS Web server

By jasonhiner Moderator ·
This question is being posted by the TechRepublic staff. The response(s) from this post may be turned into an article on the TechRepublic site. This is a winner-take-all scenario and the winner will be the person who provides the best and/or most complete answer in our judgment. If there are multiple correct answers we will select the one that was posted first. In addition to offering a generous amount of TechPoints, the winner will also receive a free piece of TechRepublic gear (e.g. a coffee mug, a desk flag, or another item sporting the TechRepublic logo). This competition ends at 11:59 PM on Sunday, May 30. Good luck and let the best techie win!

A systems administrator has been tasked with building an internal Web server to run the company?s intranet. ASP scripts need to be used so an IIS Web server will be needed. The admin has an available Win2K license and a server to put it on, but he?s concerned about security and has not worked with IIS very much. What steps does he need to take to lock down IIS before turning over the server to the team that is building the intranet?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by Joseph Moore In reply to Steps to secure an IIS We ...

Well, since you really DO work for TR, then here is my other suggestion:
It's the IIS Security Checklist. Useful for locking down IIS.
And I still say that the IIS Lockdown tool (with URLScan filter) is VERY useful too!

Collapse -

by jasonhiner Moderator In reply to

Poster rated this answer.

Collapse -

by jasonhiner Moderator In reply to Steps to secure an IIS We ...

This question was closed by the author

Related Discussions

Related Forums