Solved

IIS security question

Posted on 2006-06-22
Last Modified: 2011-09-20
I currently have my email gateway server running on a Windows 2003 server.  I'm using GFI Mail Essentials/Security for my spam/virus/trojan scanner.  This server is also a front end Exchange server.  It provides OWA access to my remote users.  OWA is being accessed via SSL.  This leaves only the SMTP and SSL ports open on the firewall to this server.  I'm wanting to move my intranet website to this server.  It will be only accessible from within the LAN.  I will NOT be opening up port 80 on the firewall.  Is this an okay configuration in regards to security, or, should I look at adding another layer of security?
Question by:gopher_49
LVL 34

Expert Comment

by:Dave_Dietz
ID: 16962362
I personally do not see any particular problem with this.

It will not reduce security on the server but it may increase the damage that can be done if someone does manage to penetrate the server.

Dave Dietz
 

Author Comment

by:gopher_49
ID: 16969182
What can I do to monitor the security of IIS and to help moderate the damage if the server is compromised?  I guess once it's penetrated it's a done deal...  I know of the IIS lock down tool, and the url scanner, however, what else is there to improve the security of IIS?
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 250 total points
ID: 16972262
Neither the IIS lockdown tool nor URLScan improves the security of IIS 6.0 - their basic functionality is already built into IIS 6.0.

IIS 6.0 installs in a locked down configuration by default.  As long as you only enable the features your site requires you shouldn't really need to do anything else aside from make sure you stay current with security updates.

Beyond that I would suggest checking the logs routinely for suspect behavior, but if you will only be accessing the Intranet site from within your own network you shouldn't need to worry too much.

As far as moderating the damage - not sure what to say here aside from make sure the machine is *not* a DC or else a penetration will have domain wide effects and be sure to properly permission all content so that if the penetration doesn't involve an admin account the perpetrator can't access everything.

Dave Dietz
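
One way to do the routine log check suggested in the answer above, as an added example that is not part of the original thread: a Python script that parses IIS W3C extended log lines and reports clients outside the LAN reaching the intranet port, plus clients with repeated 401/403 responses. The LAN ranges, the threshold, the port and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumptions (not from the original thread): the LAN address ranges,
# the denial threshold, and the constructed sample log at the bottom.
LAN_NETS = [ipaddress.ip_network("192.168.0.0/16"), ipaddress.ip_network("10.0.0.0/8")]
DENY_THRESHOLD = 3  # 401/403 responses per client before it is reported

def parse_w3c(lines):
    """Yield one dict per request, keyed by the most recent #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # the field list can change mid-file
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or torn lines
                yield dict(zip(fields, values))

def review(lines, intranet_port="80"):
    """Return (non-LAN clients seen on the intranet port, clients with repeated denials)."""
    outside, denied = set(), Counter()
    for rec in parse_w3c(lines):
        if rec.get("s-port") != intranet_port:
            continue                        # e.g. OWA traffic on 443 is expected from outside
        try:
            ip = ipaddress.ip_address(rec["c-ip"])
        except (KeyError, ValueError):
            continue                        # c-ip not logged or not parseable
        if not any(ip in net for net in LAN_NETS):
            outside.add(str(ip))
        if rec.get("sc-status") in ("401", "403"):
            denied[str(ip)] += 1
    noisy = {ip: n for ip, n in denied.items() if n >= DENY_THRESHOLD}
    return sorted(outside), noisy

# Constructed sample in IIS 6.0 W3C extended format (not real log data).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2006-06-22 09:00:01 192.168.1.10 GET /default.htm - 80 - 192.168.1.55 Mozilla/4.0 200 0 0
2006-06-22 09:00:05 192.168.1.10 GET /exchange/ - 443 - 203.0.113.7 Mozilla/4.0 401 2 2148074254
2006-06-22 09:01:10 192.168.1.10 GET /hr/payroll.xls - 80 - 192.168.1.77 Mozilla/4.0 401 3 5
2006-06-22 09:01:11 192.168.1.10 GET /hr/payroll.xls - 80 - 192.168.1.77 Mozilla/4.0 401 3 5
2006-06-22 09:01:12 192.168.1.10 GET /hr/payroll.xls - 80 - 192.168.1.77 Mozilla/4.0 403 0 5
2006-06-22 09:02:00 192.168.1.10 GET /default.htm - 80 - 203.0.113.7 Mozilla/4.0 200 0 0
"""

if __name__ == "__main__":
    print(review(SAMPLE_LOG.splitlines()))
```

Any address in the first result means the intranet site was reached from outside the LAN ranges, which the firewall rule described in the question should prevent.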
 

Author Comment

by:gopher_49
ID: 16972717
thanks.
