There are no IIS 6 hotfixes, and all around IIS 6 + Windows Server 2003 are
more secure.

What security precautions to take depends on your config (2000 or 2003)
since IIS 6 was almost completely re-written

--
--Jonathan Maltz [Microsoft MVP - Windows Server]
http://www.imbored.biz - A Windows Server 2003 visual, step-by-step
tutorial site :-)
Only reply by newsgroup. If I see an email I didn't ask for, it will be
deleted without reading.


[quoted text, click to view]

Here is the Cumulative Patch for Internet Information
Service (811114)(Windows2000+SP4+IIS5)

Microsoft Security Bulletin MS03-018

http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/security/Bulletin/MS03-018.asp

The IIS 5.0 patch can be installed on systems running
Windows 2000 Service Pack 2 or Service Pack 3 or Service
Pack 4.

Hi Steven,

Very good question!

Windows 2003 provides more secure settings for windows 2000 as Jonathan has posted. The configuration of your box is very important for its
secure in the internet. From my experience on secure, I'd suggest you can perform some configurations to secure your box.

Generally speaking, The latest service pack and other updates for your windows operat system are very important. You may need to install them
as soon as possible. The virus may be a threat to the safe of the OS, so you'd better use some AV, for example Trend, Norton etc, to keep your
server out of virus.

The permission wizard of IIS5 is a useful tool for you to set the access permission to your web site. The tool is located at the right-click popup
menu "All Tasks->Permission Wizard" of the site. In IIS6, you can right-click the web site or virtual directory and find one permission item there
which can help you to set the NTFS permission. The IIS5/6 online documentation will help you some on this.

As a common issue to the security on websites, it is highly recommended to put your server under a firewall. The firewall will keep filtering the web
access and keep you server running in a safe environment.

Microsoft also supplies tools with windows to help you check your server's secure. The "Security Configuration and Analysis" and "Security
templates" snap-ins can be added into the MMC which supply server's secure info to you and give you some suggestion about the secure. With the
two tools, you could check your Server thoroughly.
To use them, you could do as the steps listed below:
1. Type 'mmc' in the start->run
2. press CTRL+M or select the command from 'Console->Add/Remove Snap-in'
3. In the pop up window, press 'Add...'
4. Select the tow tools from the Dialog
The documentation will help you a lot on how to use them well.

In addition, i will give you a suggestion that you'd better often visit Microsoft secure web site. The secure web site listed below provides the latest
information on secure and a lot of secure tools to help you make the server secure.
http://www.microsoft.com/secure

Please feel free to let me know if you have any further questions.

Does this answer your question? Thank you for using Microsoft NewsGroup!

Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

Hi everyone,

I am planning to deploy either Windows2000+SP4+IIS5 or Windows2003+IIS6 on
the internet,
I would like to know what are the security patches for IIS that I need to
load before
putting the server online ? or anyone can provide me a link or white paper
regarding
this. Thanks in advance

Steven