?
Solved

IIS security question

Posted on 2006-06-22
4
Medium Priority
?
185 Views
Last Modified: 2011-09-20
I currenty have my email gateway server running on a windows 2003 server.  I'm using GFI Mail Essentials/Security for my spam/virus/trojan scanner.  This server is also a front end Exchange server.  It provides OWA access to my remote users.  OWA is being accessed via SSL.  This leaves only the SMTP and SSL ports open on the firewall to this server.  I'm wanting to move my intranet website to this server.  It will be only accessible from within the LAN.  I will NOT be opening up port 80 on the firewall.  This this an okay configuration in regards to security, or, should I look at adding another layer of security?
0
Comment
Question by:gopher_49
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 16962362
I personally do not see any particular problem with this.

It will not reduce security on the server but it may increase the damage that can be done if someone does manage to penetrate the server.

Dave Dietz
0
 

Author Comment

by:gopher_49
ID: 16969182
What can I do to monitor the security of IIS and to help moderate the damage if the server is compromised.  I guess once it's penetrated it's a done deal...  I know of the IIS lock down tool, and the url scanner, however, what else is there to improve the security of IIS?
0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 1000 total points
ID: 16972262
Neither the IIS lockdown tool or URLScan improves the security of IIS 6.0 - their basic functionality is already built into IIS 6.0.

IIS 6.0 installs in a locked down configuration by default.  As long as you only enable the features your site requires you shouldn't really need to do anything else aside from make sure you stay current with security updates.

Beyond that I would suggest checking the logs routinely for suspect behavior, but if you wil only be accessing the Intranet site from within your own network you shouldn't need to worry too much.

As far as moderting the damage - not sure what to say here aside from make sure the machine is *not* a DC or else a penetration will have domain wide effects and be sure to properly permission all content so that if the penetration doesn't involve an admin account the perpetrator can't access everything.

Dave Dietz
0
 

Author Comment

by:gopher_49
ID: 16972717
thanks.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question