Solved

IIS security question

Posted on 2006-06-22
4
178 Views
Last Modified: 2011-09-20
I currenty have my email gateway server running on a windows 2003 server.  I'm using GFI Mail Essentials/Security for my spam/virus/trojan scanner.  This server is also a front end Exchange server.  It provides OWA access to my remote users.  OWA is being accessed via SSL.  This leaves only the SMTP and SSL ports open on the firewall to this server.  I'm wanting to move my intranet website to this server.  It will be only accessible from within the LAN.  I will NOT be opening up port 80 on the firewall.  This this an okay configuration in regards to security, or, should I look at adding another layer of security?
0
Comment
Question by:gopher_49
  • 2
  • 2
4 Comments
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 16962362
I personally do not see any particular problem with this.

It will not reduce security on the server but it may increase the damage that can be done if someone does manage to penetrate the server.

Dave Dietz
0
 

Author Comment

by:gopher_49
ID: 16969182
What can I do to monitor the security of IIS and to help moderate the damage if the server is compromised.  I guess once it's penetrated it's a done deal...  I know of the IIS lock down tool, and the url scanner, however, what else is there to improve the security of IIS?
0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 250 total points
ID: 16972262
Neither the IIS lockdown tool or URLScan improves the security of IIS 6.0 - their basic functionality is already built into IIS 6.0.

IIS 6.0 installs in a locked down configuration by default.  As long as you only enable the features your site requires you shouldn't really need to do anything else aside from make sure you stay current with security updates.

Beyond that I would suggest checking the logs routinely for suspect behavior, but if you wil only be accessing the Intranet site from within your own network you shouldn't need to worry too much.

As far as moderting the damage - not sure what to say here aside from make sure the machine is *not* a DC or else a penetration will have domain wide effects and be sure to properly permission all content so that if the penetration doesn't involve an admin account the perpetrator can't access everything.

Dave Dietz
0
 

Author Comment

by:gopher_49
ID: 16972717
thanks.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now