Solved

IIS Attacks

Posted on 2004-04-13
8
251 Views
Last Modified: 2013-12-04
Hi,

I am new to IIS security and am wondering a couple of things:
1) We log the events of our iis machine, how can i tell if someone is trying to break into our server from the log files?
2) Is there any where i can find advice on security polices and implementation of iis?
0
Comment
Question by:cossy74
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 250 total points
ID: 10819245
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10819247
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10819392
You can also check out what hacker behaviour looks like with a program like Nessus, as it is a popular hacker tool. Or implement and IDS like Snort. Gfi Languard network security scanner is also a valuable assessment threat tool. Nessus is more up2date and regular audits should be run often on your network. An IDS like snort can alert you in real-time when an attack may be occuring.  The links above did not mention the IIS lockdown tool... http://www.microsoft.com/windows2000/downloads/recommended/iislockdown/default.asp This can help alot... please test.
http://www.nessus.org/
http://www.gfi.com/lannetscan/
http://www.snort.org/
GL!
-rich
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 12

Expert Comment

by:trywaredk
ID: 10820859
How to secure your Internet Information server for Windows 2000 (IIS 5.0)
http://www.zensecurity.co.uk/default.asp?URL=IIS5

Comparing Microsoft Security and Acceleration (ISA) Server 2000 and Windows Xp Internet Connection Firewall
http://www.microsoft.com/isaserver/techinfo/planning/isaicfcompare.asp

HOW TO: Access Network Files from IIS Applications
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q207/6/71.ASP&NoWebContent=1#8

IIS 5: HiSecWeb Potential Risks and the IIS Lockdown Tool (Q316347) - A security template for configuring IIS.
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316347&id=Q316347

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 250 total points
ID: 10820863
CERT Coordination Center: How to recover an already compromised system
http://www.cert.org/tech_tips/win-UNIX-system_compromise.html

HACKYOURSELF scan: TCP Scan (65534 ports),UDP scan (800+ ports), and Netbios Scan
http://www.hackerwhacker.com/ 

IPEye is a freeware TCP port scanner
http://www.ntsecurity.nu/toolbox/ipeye/

Port scan: Get an instant security analysis now. You don't even need to know your own IP address!
http://www.dslreports.com/scan

Shields UP! quickly checks the SECURITY of YOUR computer's connection to the Internet.
https://grc.com/x/ne.dll?bh0bkyd2

Sygate free scanning your security: quick, stealth, trojan, tcp, udp, icmp
http://scan.sygatetech.com/

If you DO NOT NEED to share files across the Internet
http://grc.com/su-fixit.htm

Security Features of Internet Connection Sharing
http://support.microsoft.com/default.aspx?scid=kb;en-us;q241570
 
0
 

Author Comment

by:cossy74
ID: 10855738
I split the points because both where very helpful in the topic.. thanks
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10855753
Thanks so much
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10863095
:o) Glad we could help you - thank you for the points
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question