?
Solved

IIS Attacks

Posted on 2004-04-13
8
Medium Priority
?
254 Views
Last Modified: 2013-12-04
Hi,

I am new to IIS security and am wondering a couple of things:
1) We log the events of our iis machine, how can i tell if someone is trying to break into our server from the log files?
2) Is there any where i can find advice on security polices and implementation of iis?
0
Comment
Question by:cossy74
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 1000 total points
ID: 10819245
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10819247
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10819392
You can also check out what hacker behaviour looks like with a program like Nessus, as it is a popular hacker tool. Or implement and IDS like Snort. Gfi Languard network security scanner is also a valuable assessment threat tool. Nessus is more up2date and regular audits should be run often on your network. An IDS like snort can alert you in real-time when an attack may be occuring.  The links above did not mention the IIS lockdown tool... http://www.microsoft.com/windows2000/downloads/recommended/iislockdown/default.asp This can help alot... please test.
http://www.nessus.org/
http://www.gfi.com/lannetscan/
http://www.snort.org/
GL!
-rich
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 12

Expert Comment

by:trywaredk
ID: 10820859
How to secure your Internet Information server for Windows 2000 (IIS 5.0)
http://www.zensecurity.co.uk/default.asp?URL=IIS5

Comparing Microsoft Security and Acceleration (ISA) Server 2000 and Windows Xp Internet Connection Firewall
http://www.microsoft.com/isaserver/techinfo/planning/isaicfcompare.asp

HOW TO: Access Network Files from IIS Applications
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q207/6/71.ASP&NoWebContent=1#8

IIS 5: HiSecWeb Potential Risks and the IIS Lockdown Tool (Q316347) - A security template for configuring IIS.
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316347&id=Q316347

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 1000 total points
ID: 10820863
CERT Coordination Center: How to recover an already compromised system
http://www.cert.org/tech_tips/win-UNIX-system_compromise.html

HACKYOURSELF scan: TCP Scan (65534 ports),UDP scan (800+ ports), and Netbios Scan
http://www.hackerwhacker.com/ 

IPEye is a freeware TCP port scanner
http://www.ntsecurity.nu/toolbox/ipeye/

Port scan: Get an instant security analysis now. You don't even need to know your own IP address!
http://www.dslreports.com/scan

Shields UP! quickly checks the SECURITY of YOUR computer's connection to the Internet.
https://grc.com/x/ne.dll?bh0bkyd2

Sygate free scanning your security: quick, stealth, trojan, tcp, udp, icmp
http://scan.sygatetech.com/

If you DO NOT NEED to share files across the Internet
http://grc.com/su-fixit.htm

Security Features of Internet Connection Sharing
http://support.microsoft.com/default.aspx?scid=kb;en-us;q241570
 
0
 

Author Comment

by:cossy74
ID: 10855738
I split the points because both where very helpful in the topic.. thanks
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10855753
Thanks so much
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10863095
:o) Glad we could help you - thank you for the points
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses
Course of the Month11 days, 11 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question