Hi all,

I have IIS 5.1 and dotnet 2003. I want to provide 100% secutity to
IIS. It should not affect by hackers.
How can I do this?
Are there any articles on this?

Please suggest me. I am new to IIS.

Thanks in advance.
--
Regards,

Hi

I don't think it's possible to provide 100% security to your applications.
However, the more knowledge you have, the more you can achieve.

Here's a URL containing a good deal of resources for securing your apps from
a developer point of view:

http://www.microsoft.com/uk/msdn/security/resource_types.aspx?s=patterns+and+practices\Application+Blocks

Here's the TechNet security page, also containing resources:

http://www.microsoft.com/uk/technet/security/default.mspx

It contains guidance for locking down Windows as well as IIS. Also look at
the tools for checking security configuration (MBSA etc.).

It would be good to look at a holistic approach to security - look further
than just the technical side:

http://download.microsoft.com/documents/uk/msdn/devdave/Patterns_and_Practices_Security_Guidance.doc

the last article has useful resources on Security Engineering and Threat
Modelling.

Hope this is a good start. I'm sure other contributors will have a lot of
recommendations.

Cheers




--
----------------------------------
Chris Seary
http://blog.searyblog.com/




[quoted text, click to view]