iis security: Intranet web server security -- iis security

Re: Intranet web server security

Roger Abell [MVP]
4/11/2008 7:23:07 AM

If you are concerned about security then do not use Windows 2000
for a new install as it is nearing the end of its supported lifecycle
and will like stop having patches for it before you are done using
the new intranet website. Also, IIS 7 if far superior to IIS 5, as is
also the case with IIS 6.

Roger (Security MVP)

[quoted text, click to view]

Re: Intranet web server security

mattie
4/13/2008 9:04:00 AM

I understand what you're saying, but Win2k and IIS 5 are what I have to work
with for now. This is being used for development and we'll have to support
Win2k through at least Win2003 for now. What points of security do I need to
be concerned with now for Win2k/IIS 5 as an intranet server?

--
Thanks,
Mattie

[quoted text, click to view]

Re: Intranet web server security

Roger Abell [MVP]
4/21/2008 6:26:25 AM

I am not sure whether the IIS 5 and W2k specific material is
available any longer in the guidance series off the websites
www.microsoft.com/security www.microsoft.com/technet/security
but much of the material has not changed greatly to the newer
release versions (except for things not available in the older).
The degree to which one attempts to harden a service point
depends on the threat model you assume, such as how trusted
or not the user base is that can poke at the intranet server.

Roger

[quoted text, click to view]

Got something to say? Click here to post a reply to this thread.

Don't see what you're looking for? Try a search.

View other messages in the iis security group.