|
Home > Archive > IIS Server Security > October 2005 > Building a Windows 2003 DMZ Server without ISA
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Building a Windows 2003 DMZ Server without ISA
|
|
| johnpaul.temple@gmail.com 2005-10-24, 11:03 am |
| hi
I am planning on building a Windows 2003 Web Server and placing into a
DMZ, with cisco PIX on each side.
I have found only a few documents that describe how to configure the
Windows Server without using ISA. Has anyone got any tips or
suggestions for this sort of scenario?
We don't have a copy of ISA and I don't think there are any plans to
purchase it in the near future, which is why I am planning on building
this DMZ without it.
thanks in advance
JP
| |
| Chris Weber [Security MVP] 2005-10-24, 11:03 am |
| I would refer you to the Windows Server 2003 Security Guide at
http://www.microsoft.com/technet/se...3hg/sgch00.mspx
In general, IIS 6 in Win2k3 is pretty nice out of the box - ASP disabled,
IIS lockdown preconfigured etc. So as long as you lockdown your perimeter
firewall to only allow TCP 80 and/or 443 you should be okay, provided you
dont change too many IIS settings or roll out an insecure web application.
Chris Weber
<johnpaul.temple@gmail.com> wrote in message
news:1129712571.876667.111500@g49g2000cwa.googlegroups.com...
> hi
>
> I am planning on building a Windows 2003 Web Server and placing into a
> DMZ, with cisco PIX on each side.
>
> I have found only a few documents that describe how to configure the
> Windows Server without using ISA. Has anyone got any tips or
> suggestions for this sort of scenario?
>
> We don't have a copy of ISA and I don't think there are any plans to
> purchase it in the near future, which is why I am planning on building
> this DMZ without it.
>
> thanks in advance
>
> JP
>
| |
| johnpaul.temple@gmail.com 2005-10-24, 11:03 am |
| hi there
thanks for your reply, I have downloaded this and started reading
through it.
JP
Chris Weber [Security MVP] wrote:
> I would refer you to the Windows Server 2003 Security Guide at
> http://www.microsoft.com/technet/se...3hg/sgch00.mspx
>
> In general, IIS 6 in Win2k3 is pretty nice out of the box - ASP disabled,
> IIS lockdown preconfigured etc. So as long as you lockdown your perimeter
> firewall to only allow TCP 80 and/or 443 you should be okay, provided you
> dont change too many IIS settings or roll out an insecure web application.
>
> Chris Weber
|
|
|
|
|