Solved

IIS Attacks

Posted on 2004-04-13
8
250 Views
Last Modified: 2013-12-04
Hi,

I am new to IIS security and am wondering a couple of things:
1) We log the events of our iis machine, how can i tell if someone is trying to break into our server from the log files?
2) Is there any where i can find advice on security polices and implementation of iis?
0
Comment
Question by:cossy74
8 Comments
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 250 total points
ID: 10819245
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10819247
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10819392
You can also check out what hacker behaviour looks like with a program like Nessus, as it is a popular hacker tool. Or implement and IDS like Snort. Gfi Languard network security scanner is also a valuable assessment threat tool. Nessus is more up2date and regular audits should be run often on your network. An IDS like snort can alert you in real-time when an attack may be occuring.  The links above did not mention the IIS lockdown tool... http://www.microsoft.com/windows2000/downloads/recommended/iislockdown/default.asp This can help alot... please test.
http://www.nessus.org/
http://www.gfi.com/lannetscan/
http://www.snort.org/
GL!
-rich
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 12

Expert Comment

by:trywaredk
ID: 10820859
How to secure your Internet Information server for Windows 2000 (IIS 5.0)
http://www.zensecurity.co.uk/default.asp?URL=IIS5

Comparing Microsoft Security and Acceleration (ISA) Server 2000 and Windows Xp Internet Connection Firewall
http://www.microsoft.com/isaserver/techinfo/planning/isaicfcompare.asp

HOW TO: Access Network Files from IIS Applications
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q207/6/71.ASP&NoWebContent=1#8

IIS 5: HiSecWeb Potential Risks and the IIS Lockdown Tool (Q316347) - A security template for configuring IIS.
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316347&id=Q316347

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 250 total points
ID: 10820863
CERT Coordination Center: How to recover an already compromised system
http://www.cert.org/tech_tips/win-UNIX-system_compromise.html

HACKYOURSELF scan: TCP Scan (65534 ports),UDP scan (800+ ports), and Netbios Scan
http://www.hackerwhacker.com/ 

IPEye is a freeware TCP port scanner
http://www.ntsecurity.nu/toolbox/ipeye/

Port scan: Get an instant security analysis now. You don't even need to know your own IP address!
http://www.dslreports.com/scan

Shields UP! quickly checks the SECURITY of YOUR computer's connection to the Internet.
https://grc.com/x/ne.dll?bh0bkyd2

Sygate free scanning your security: quick, stealth, trojan, tcp, udp, icmp
http://scan.sygatetech.com/

If you DO NOT NEED to share files across the Internet
http://grc.com/su-fixit.htm

Security Features of Internet Connection Sharing
http://support.microsoft.com/default.aspx?scid=kb;en-us;q241570
 
0
 

Author Comment

by:cossy74
ID: 10855738
I split the points because both where very helpful in the topic.. thanks
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10855753
Thanks so much
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10863095
:o) Glad we could help you - thank you for the points
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question