|
Home > Archive > IIS ASP > April 2005 > run testing web server safely??
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
run testing web server safely??
|
|
| btopenworld 2005-04-20, 7:48 am |
| A couple of years ago, I had a mild hack of the default windows web page in
inetpub because I was running IIS whilst my DSL connection was on. Ever
since, I have disconnected the DSL before running IIS.
Could anyone give me advice on running IIS safely as a local testing server
(for asp pages) whilst online?
I have to admit that I run an admin account (win2000) so I know this is one
thing I should change.
TIA
John
| |
| Jeff Cochran 2005-04-20, 5:51 pm |
| On Wed, 20 Apr 2005 09:25:01 +0000 (UTC), "btopenworld"
<john@siteweave.net> wrote:
>A couple of years ago, I had a mild hack of the default windows web page in
>inetpub because I was running IIS whilst my DSL connection was on. Ever
>since, I have disconnected the DSL before running IIS.
>
>Could anyone give me advice on running IIS safely as a local testing server
>(for asp pages) whilst online?
You could set IIS to answer on only 127.0.0.1 and use a hosts file if
you need name resolution to that. That address won't answer off your
local system. Check the IIS group for a lot more security
possibilities, as well as:
Security Checklists:
http://www.microsoft.com/technet/tr...ity/Default.asp
From Blueprint to Fortress: A Guide to Securing IIS 5.0:
http://www.microsoft.com/technet/pr...vg/securiis.asp
Jeff
| |
| Mark Schupp 2005-04-20, 5:51 pm |
| Do you have a firewall? If not, get one (if you are using a router behind
your DSL modem you probably have one). Set the firewall to block all
incoming requests (you're at risk for more than just tampering through your
web-server).
After that is set up run a full virus scan. Then get a couple of spyware
removal tools and run them as well (I like SpyBot SD). You might also want
to pick up a software firewall product like Norton Personal Firewall. Its a
bit pricey and can be quite intrusive but it will tell you when programs try
to access the internet (helps detect spyware).
--
--Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"btopenworld" <john@siteweave.net> wrote in message
news:d4575d$h72$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
>A couple of years ago, I had a mild hack of the default windows web page in
> inetpub because I was running IIS whilst my DSL connection was on. Ever
> since, I have disconnected the DSL before running IIS.
>
> Could anyone give me advice on running IIS safely as a local testing
> server
> (for asp pages) whilst online?
>
> I have to admit that I run an admin account (win2000) so I know this is
> one
> thing I should change.
>
> TIA
>
> John
>
>
>
>
| |
| btopenworld 2005-04-20, 5:51 pm |
| Thanks Jeff - your suggestion made me look at the options in Zonealarm
(firewall) - from there I can block internet traffic but leave local
traffic working - does that sound like a secure solution.
Thanks again.
John
"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
news:426667d4.409493911@msnews.microsoft.com...
> On Wed, 20 Apr 2005 09:25:01 +0000 (UTC), "btopenworld"
> <john@siteweave.net> wrote:
>
in[vbcol=seagreen]
server[vbcol=seagreen]
>
> You could set IIS to answer on only 127.0.0.1 and use a hosts file if
> you need name resolution to that. That address won't answer off your
> local system. Check the IIS group for a lot more security
> possibilities, as well as:
>
> Security Checklists:
>
http://www.microsoft.com/technet/tr...chnet/security/
Default.asp
>
> From Blueprint to Fortress: A Guide to Securing IIS 5.0:
>
http://www.microsoft.com/technet/pr...depovg/securiis
..asp
>
> Jeff
| |
| btopenworld 2005-04-20, 5:51 pm |
| Thanks Mark
I do run a software firewall (Zonealarm) and following your suggestion I
have now used this to block internet traffic to the server.
( I do use adaware and spybot and have good antivirus)
Thanks again for your suggestions.
John B
"Mark Schupp" <notvalid@email.net> wrote in message
news:#QBwf7bRFHA.2664@TK2MSFTNGP15.phx.gbl...
> Do you have a firewall? If not, get one (if you are using a router behind
> your DSL modem you probably have one). Set the firewall to block all
> incoming requests (you're at risk for more than just tampering through
your
> web-server).
>
> After that is set up run a full virus scan. Then get a couple of spyware
> removal tools and run them as well (I like SpyBot SD). You might also want
> to pick up a software firewall product like Norton Personal Firewall. Its
a
> bit pricey and can be quite intrusive but it will tell you when programs
try
> to access the internet (helps detect spyware).
>
> --
> --Mark Schupp
> Head of Development
> Integrity eLearning
> www.ielearning.com
>
>
> "btopenworld" <john@siteweave.net> wrote in message
> news:d4575d$h72$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
in[vbcol=seagreen]
>
>
| |
| Jeff Cochran 2005-04-20, 5:51 pm |
| On Wed, 20 Apr 2005 16:12:21 +0000 (UTC), "btopenworld"
<john@siteweave.net> wrote:
>Thanks Jeff - your suggestion made me look at the options in Zonealarm
>(firewall) - from there I can block internet traffic but leave local
>traffic working - does that sound like a secure solution.
Sure. Whatever works in your setup. Secure your system properly,
lock the IIS to responding only on an inside or localhost IP and block
port 80 inbound in your firewall.
Jeff
>Thanks again.
>
>John
>
>
>"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
>news:426667d4.409493911@msnews.microsoft.com...
>in
>server
>http://www.microsoft.com/technet/tr...chnet/security/
>Default.asp
>http://www.microsoft.com/technet/pr...depovg/securiis
>.asp
>
|
|
|
|
|