Solved

IIS Attacks

Posted on 2004-04-13
8
253 Views
Last Modified: 2013-12-04
Hi,

I am new to IIS security and am wondering a couple of things:
1) We log the events of our iis machine, how can i tell if someone is trying to break into our server from the log files?
2) Is there any where i can find advice on security polices and implementation of iis?
0
Comment
Question by:cossy74
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 250 total points
ID: 10819245
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10819247
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10819392
You can also check out what hacker behaviour looks like with a program like Nessus, as it is a popular hacker tool. Or implement and IDS like Snort. Gfi Languard network security scanner is also a valuable assessment threat tool. Nessus is more up2date and regular audits should be run often on your network. An IDS like snort can alert you in real-time when an attack may be occuring.  The links above did not mention the IIS lockdown tool... http://www.microsoft.com/windows2000/downloads/recommended/iislockdown/default.asp This can help alot... please test.
http://www.nessus.org/
http://www.gfi.com/lannetscan/
http://www.snort.org/
GL!
-rich
0
What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

 
LVL 12

Expert Comment

by:trywaredk
ID: 10820859
How to secure your Internet Information server for Windows 2000 (IIS 5.0)
http://www.zensecurity.co.uk/default.asp?URL=IIS5

Comparing Microsoft Security and Acceleration (ISA) Server 2000 and Windows Xp Internet Connection Firewall
http://www.microsoft.com/isaserver/techinfo/planning/isaicfcompare.asp

HOW TO: Access Network Files from IIS Applications
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q207/6/71.ASP&NoWebContent=1#8

IIS 5: HiSecWeb Potential Risks and the IIS Lockdown Tool (Q316347) - A security template for configuring IIS.
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316347&id=Q316347

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 250 total points
ID: 10820863
CERT Coordination Center: How to recover an already compromised system
http://www.cert.org/tech_tips/win-UNIX-system_compromise.html

HACKYOURSELF scan: TCP Scan (65534 ports),UDP scan (800+ ports), and Netbios Scan
http://www.hackerwhacker.com/ 

IPEye is a freeware TCP port scanner
http://www.ntsecurity.nu/toolbox/ipeye/

Port scan: Get an instant security analysis now. You don't even need to know your own IP address!
http://www.dslreports.com/scan

Shields UP! quickly checks the SECURITY of YOUR computer's connection to the Internet.
https://grc.com/x/ne.dll?bh0bkyd2

Sygate free scanning your security: quick, stealth, trojan, tcp, udp, icmp
http://scan.sygatetech.com/

If you DO NOT NEED to share files across the Internet
http://grc.com/su-fixit.htm

Security Features of Internet Connection Sharing
http://support.microsoft.com/default.aspx?scid=kb;en-us;q241570
 
0
 

Author Comment

by:cossy74
ID: 10855738
I split the points because both where very helpful in the topic.. thanks
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10855753
Thanks so much
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10863095
:o) Glad we could help you - thank you for the points
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question