|
Home > Archive > IIS Server Security > August 2005 > IIS Hardening
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| I have an application running on the default Web instance in IIS. My
question is that if I installed application on the default instance of IIS is
there any security breaches or questions for concern by having it installed
on the first default Web instance. I would think that by changing the name
of this first instance that there would be no difference then creating in
other instance called "ABC". If anyone could please comment on this you
would be very appreciated also if this is a security breach does anybody have
any Microsoft documents to say that it is or better yet it's not
Regards,
Brian
| |
| Jeff Cochran 2005-08-30, 2:55 am |
| On Wed, 24 Aug 2005 06:02:37 -0700, "Brian"
<Brian@discussions.microsoft.com> wrote:
>I have an application running on the default Web instance in IIS. My
>question is that if I installed application on the default instance of IIS is
>there any security breaches or questions for concern by having it installed
>on the first default Web instance. I would think that by changing the name
>of this first instance that there would be no difference then creating in
>other instance called "ABC". If anyone could please comment on this you
>would be very appreciated also if this is a security breach does anybody have
>any Microsoft documents to say that it is or better yet it's not
All instances have the same security issues. There's nothing special
about the default site. If you're worried, and there's no reason to
be more worried than with any other site, delete the default site then
create a new one.
Jeff
| |
|
| Thanks Jeff,
I just need to hear this from someelse other then myself. Have you used the
MS IIS harding utility?
"Jeff Cochran" wrote:
> On Wed, 24 Aug 2005 06:02:37 -0700, "Brian"
> <Brian@discussions.microsoft.com> wrote:
>
>
> All instances have the same security issues. There's nothing special
> about the default site. If you're worried, and there's no reason to
> be more worried than with any other site, delete the default site then
> create a new one.
>
> Jeff
>
| |
| Jeff Cochran 2005-08-30, 8:49 pm |
| On Mon, 29 Aug 2005 20:18:03 -0700, "Brian"
<Brian@discussions.microsoft.com> wrote:
>Thanks Jeff,
>
>I just need to hear this from someelse other then myself. Have you used the
>MS IIS harding utility?
It's a checklist really. And you need to look at what you're changing
and understand what it does, since following the checklists will limit
some functionality. Which is fine if you don't need that
functionality.
Jeff
[vbcol=seagreen]
>"Jeff Cochran" wrote:
>
|
|
|
|
|