I don't think step 8 is very smart if you want a really secure setup.
If somehow I get access to the server (e.g. a bug in the application running
on your server) I get free access to your LAN. The correct setup would be
one NIC (or even two NICs) but none of them directly connected to the LAN. The NIC
should only connect to the DMZ and if it needs access to the DB it should go through
the firewall (and if possible use application layer filters on the
firewall...)...
--
Mike
Microsoft MVP - Windows Security
"EddieF" <EddieF@discussions.microsoft.com> wrote in message
news:BA1FBF1E-15DC-4026-941E-F6E722F206E9@microsoft.com...
> Hello,
>
> I am new at setting up IIS Web Servers. I need to make sure that a new Web
> Server running on Windows 2003 SP1 server with IIS 6 is set up securely.
> Here are the steps I've already taken:
>
> 1) Created two NTFS partitions - one for the system and another for data
> 2) Installed URLScan - not sure about the best way to configure it
> 3) Ran the 2003 SP1 Security Configuration Wizard
> 4) Renamed the admin account
> 5) Installed virus and spyware scanners
> 6) Ran the Microsoft Baseline Security Analyzer
> 7) Plan to use a Verisign certificate to secure the web site
> 8) Installed two NIC cards -- one to DMZ side of firewall and other to our network to access a database required for the IIS server.
> 9) Redirected incoming SSL traffic to the IIS Server on the DMZ interface.
>
> I would appreciate any other ideas on how best to secure an IIS server.
>
> One other thing I'm concerned about is the fact that this server has two NIC
> cards -- one connects to our firewall DMZ and the other connects to the local
> network. Would it be easy for a hacker to get to our local network if he/she
> accesses the server from the other card connected to the DMZ? In other words
> could they connect to one interface and come out the other interface into our
> network. What would be the best way to prevent this from happening?
>
> Thanks in advance for your suggestions. I appreciate your help.
>
> EddieF
>
>
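
Added example, not part of the original thread: a Python audit that flags the step 8 layout, where a DMZ-facing host also has a NIC in another network and so offers a path around the firewall. The zone plan, host names and addresses are constructed assumptions for illustration.

```python
import ipaddress

# Constructed zone plan (assumption): substitute your own subnets.
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "lan": ipaddress.ip_network("10.10.0.0/16"),
}
EXPOSED_ZONE = "dmz"  # the zone that receives traffic from the Internet

# Constructed inventory: host name -> addresses bound to its NICs.
INVENTORY = {
    "web01": ["192.0.2.10", "10.10.5.20"],  # step 8 layout: DMZ + LAN
    "web02": ["192.0.2.11", "192.0.2.12"],  # two NICs, both in the DMZ
    "db01": ["10.10.5.30"],                 # LAN only, behind the firewall
    "web03": ["192.0.2.13", "172.16.0.5"],  # second NIC in an unplanned net
}


def zone_of(addr):
    """Return the name of the zone containing addr, or None if unplanned."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None


def audit(inventory):
    """Map each exposed host to its addresses that sit outside the DMZ.

    Any such address is a path from the exposed host into another
    network that does not pass through the firewall.
    """
    findings = {}
    for host, addrs in inventory.items():
        zones = {a: zone_of(a) for a in addrs}
        if EXPOSED_ZONE not in zones.values():
            continue  # host is not reachable from the exposed zone
        bypass = sorted(a for a, z in zones.items() if z != EXPOSED_ZONE)
        if bypass:
            findings[host] = bypass
    return findings


if __name__ == "__main__":
    for host, addrs in audit(INVENTORY).items():
        print(f"{host}: DMZ host also attached to {', '.join(addrs)}")
```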