i'm curious about IIS security issues - Tilted Forum Project Discussion Community

split lickety · 09-25-2003, 01:56 PM

i recently created a website on my home box with IIS. i'm running XPpro. its easy to use and it works great. what i'm wondering is if anyone out there can give me a clue as to what security risks i'm running. i have anonymous browsing enabled so i can share files with people in forums such as this one. the only firewall i'm running is the one that comes with XP. am i at any more risk than anyone else with a constant internet connection? i figure my lack of a real firewall is my main prob but i just don't know that much about what is possible for a hacker to do. i hope this is enough info for you guys. any feedback would be helpful. thanks. split.

hrdwareguy · 09-25-2003, 02:47 PM

It's not the lack of a firewall that is a problem. It's all the security holes in IIS.

First, go to the MS website and get all the updates for IIS and install them. They are listed here

Also get the IIS lockdown tool and run it. Turn off all the crap that you don't need. If you aren't sure if you need it or not, turn it off.

split lickety · 09-25-2003, 03:32 PM

thank you. i'm installing all the updates now.

should that take care of my worries? i know someone who is determined to get into my box probably can, i was just worried about opening a gate for everyone.

thanks again.
split

split lickety · 09-25-2003, 08:44 PM

ok now nobody can see me. what the hell did i do? ack.

peacy · 09-26-2003, 12:18 AM

Why don't you just simply put your worries aside and install Apache (available from here)
I was using it on my Win2k gateway... Never trusted IIS. Than I finally made some time and installed a proper gateway (Linux

)...

split lickety · 09-26-2003, 12:19 AM

thanks. i'll try it in the morning.

09-25-2003, 01:56 PM	#1 (permalink)
split lickety Banned Location: eugene, OR	i'm curious about IIS security issues i recently created a website on my home box with IIS. i'm running XPpro. its easy to use and it works great. what i'm wondering is if anyone out there can give me a clue as to what security risks i'm running. i have anonymous browsing enabled so i can share files with people in forums such as this one. the only firewall i'm running is the one that comes with XP. am i at any more risk than anyone else with a constant internet connection? i figure my lack of a real firewall is my main prob but i just don't know that much about what is possible for a hacker to do. i hope this is enough info for you guys. any feedback would be helpful. thanks. split.

09-25-2003, 02:47 PM	#2 (permalink)
hrdwareguy "Officer, I was in fear for my life" Location: Oklahoma City	It's not the lack of a firewall that is a problem. It's all the security holes in IIS. First, go to the MS website and get all the updates for IIS and install them. They are listed here Also get the IIS lockdown tool and run it. Turn off all the crap that you don't need. If you aren't sure if you need it or not, turn it off. __________________ Gun Control is hitting what you aim at Aim for the TFP, Donate Today

09-25-2003, 03:32 PM	#3 (permalink)
split lickety Banned Location: eugene, OR	thank you. i'm installing all the updates now. should that take care of my worries? i know someone who is determined to get into my box probably can, i was just worried about opening a gate for everyone. thanks again. split

09-25-2003, 08:44 PM	#4 (permalink)
split lickety Banned Location: eugene, OR	ok now nobody can see me. what the hell did i do? ack.

09-26-2003, 12:18 AM	#5 (permalink)
peacy Crazy Location: Reading, UK	Why don't you just simply put your worries aside and install Apache (available from here) I was using it on my Win2k gateway... Never trusted IIS. Than I finally made some time and installed a proper gateway (Linux )...

09-26-2003, 12:19 AM	#6 (permalink)
split lickety Banned Location: eugene, OR	thanks. i'll try it in the morning.