Nessus is a wonderful tool but is only one item to find holes (my favorite
tool). Here is a document with several links to great information in
locking down a web server.
http://windowsadvice.com/blogs/owsteve/archive/2005/03/04/14.aspx You could
also turn off services to lock it down more. Most of these are the
Microsoft-specific services. Unfortunately you cannot then use some tools to
manage the server, so balancing security and manageability is a fine line.
- Messenger/Alerter services
- Workstation/Server services - this turns off access via admin shares
- Turn off NetBIOS in the network properties, Client for Microsoft Networks and File
  and Printer Sharing (ports 139, 445)
- Be careful if you use SNMP: turn off the PUBLIC community and restrict which nodes can
  send SNMP traps
- Block access to port 135 (RPC) from the outside
- Deploy AV on the server running real-time services
Hope that helps,
Steve Schofield
Microsoft MVP - ASP/ASP.NET
ASPInsider Member - MCP
http://www.orcsweb.com/ Managed Complex Hosting
#1 in Service and Support
"NL" <NL@discussions.microsoft.com> wrote in message
news:C671372D-1218-44EE-B2CC-55D406AB1660@microsoft.com...
> OS: Windows 2003 Server
> Service Pack: 1
> Server role: Citrix Secure Gateway server (Web Server)
> Updates applied: SP1; Windows malicious software remove tool - April 2005
>
> Running a nessus scan on the server produced the following:
> ------------------------------------------------------------------------------------------------
> Name: IIS Service Pack - 404 Service: https (443/tcp)
> Summary: IIS Service Pack Check
> Category: Web Servers
>
> Details:
> The remote IIS server *seems* to be Microsoft IIS 6.0 - w2k3 build 37
> ------------------------------------------------------------------------------------------------
>
> There are a few more security updates that need to be applied. Other than
> applying these updates, is there another area that I should be
> investigating?
>
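The checklist in Steve's reply can be turned into a read-only audit so you can see which of the items are still open on a host before you start disabling things. The script below is an added example, not something from the post or from Steve; it assumes PowerShell 2.0 or later with local administrator rights, and the registry paths and WMI property it reads (`SNMP\Parameters\ValidCommunities`, `SNMP\Parameters\PermittedManagers`, `Win32_NetworkAdapterConfiguration.TcpipNetbiosOptions`) are the standard Windows locations for those settings. It only reports; the service names and checks map one-to-one onto the bullets above.

```powershell
# Added example (not from the original post): audit the hardening items
# listed in the reply. Read-only; assumes PowerShell 2.0+ and admin rights.
$findings = @()

# 1. Services the reply suggests disabling. Messenger/Alerter are the pop-up
#    services; stopping Workstation/Server removes admin-share access.
$svcNames = 'Messenger', 'Alerter', 'LanmanWorkstation', 'LanmanServer'
foreach ($name in $svcNames) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc -and $svc.Status -eq 'Running') {
        $findings += "Service '$name' is running (disable it if the role does not need it)"
    }
}

# 2. NetBIOS over TCP/IP on every IP-enabled adapter.
#    TcpipNetbiosOptions: 0 = use DHCP setting, 1 = enabled, 2 = disabled
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True' | ForEach-Object {
    if ($_.TcpipNetbiosOptions -ne 2) {
        $findings += "NetBIOS over TCP/IP not disabled on '$($_.Description)' (TCP 139 stays reachable)"
    }
}

# 3. SNMP: flag the 'public' community and an unrestricted manager list.
#    ValidCommunities holds one value per community name; PermittedManagers
#    holds numbered values with the hosts allowed to talk to the agent.
$snmpBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'
if (Test-Path $snmpBase) {
    $communities = Get-ItemProperty "$snmpBase\ValidCommunities" -ErrorAction SilentlyContinue
    if ($communities) {
        # Get-ItemProperty adds PSPath/PSDrive/... properties; skip those
        $communities.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and $_.Name -ieq 'public' } |
            ForEach-Object { $findings += "SNMP community 'public' is still configured" }
    }
    $managers = Get-ItemProperty "$snmpBase\PermittedManagers" -ErrorAction SilentlyContinue
    $managerCount = 0
    if ($managers) {
        $managerCount = @($managers.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }).Count
    }
    if ($managerCount -eq 0) {
        $findings += "SNMP agent accepts requests from any host (no permitted managers set)"
    }
}

# 4. RPC endpoint mapper on TCP 135. The reply says to block it from outside;
#    here we only report whether it is listening so you know the filter matters.
$rpc = netstat -ano -p tcp | Select-String ':135\s+.*LISTENING'
if ($rpc) {
    $findings += "TCP 135 (RPC endpoint mapper) is listening; confirm it is filtered at the perimeter"
}

# 5. Real-time AV: Windows Server 2003 has no uniform API for this, so list
#    running services whose display name looks like an AV product as a hint
#    for manual verification rather than a definitive answer.
$av = Get-Service | Where-Object { $_.Status -eq 'Running' -and $_.DisplayName -match 'anti.?virus|endpoint protection' }
if (-not $av) {
    $findings += "No running service with an antivirus-looking display name; verify AV coverage by hand"
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | ForEach-Object { "[!] $_" } }
```

Run it from an elevated PowerShell prompt on the server itself; each `[!]` line corresponds to one bullet in the reply that is still open. Once you have decided which services the Citrix role genuinely needs, the stop-and-disable step is the usual `Set-Service -Name <name> -StartupType Disabled` followed by `Stop-Service`, but keeping the audit separate from the change lets you re-run it after every patch cycle to catch settings that drift back.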