Solved

IIS Security

Posted on 2006-11-25
Last Modified: 2013-12-04
Hello, experts,
  I can see this info in the Win2k system log (security log):
  successful network logon : user:IUSR_Server domain:Server logon ID:(0x0,0x9D3DD)
                             logon model: 3      logon procedure: IIS
                             authentication process:MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
                             workstation:Server
  How does this happen? Can they really log on to my system? What can they do on my machine? I have stopped the SERVER process, but the same information still appears at about 03:00~05:00.
  What can I do then? I want to make my system stronger.
0
Question by:martinbjlee
8 Comments
 
LVL 9

Accepted Solution

by:
trenes earned 84 total points
ID: 18011241
Hi martinbjlee,

Run the Microsoft Baseline Security Tool to see if you are well protected or not.
The IUSR user is used by IIS, and I think it's just the IIS process that logs on, not a user, but run the MBSA tool.
http://www.microsoft.com/technet/security/tools/mbsahome.mspx


Cheers!
regards,

Trenes
0
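To illustrate the answer above: this Python script is an added example, not part of the original thread and not a Microsoft tool. It triages exported logon records in the layout quoted in the question and separates IIS's own anonymous-access logons from IUSR_ logons that arrive another way. The field labels are copied from the question; the sample records are constructed, and the rule "expected only when logon type is 3, the logon process is IIS and the workstation is the server itself" is an assumption based on that one quoted entry.

```python
import re

# Constructed sample records; field labels follow the entry quoted in the question.
SAMPLE_LOG = """\
successful network logon : user:IUSR_Server domain:Server logon ID:(0x0,0x9D3DD)
    logon model: 3      logon procedure: IIS
    workstation:Server
successful network logon : user:IUSR_Server domain:Server logon ID:(0x0,0x9D4A1)
    logon model: 3      logon procedure: NtLmSsp
    workstation:DESKTOP7
successful network logon : user:backup domain:Server logon ID:(0x0,0x9D511)
    logon model: 3      logon procedure: NtLmSsp
    workstation:ADMINPC
"""

FIELDS = {
    "user": r"user:\s*(\S+)",
    "domain": r"domain:\s*(\S+)",
    "logon_type": r"logon model:\s*(\d+)",
    "process": r"logon procedure:\s*(\S+)",
    "workstation": r"workstation:\s*(\S+)",
}

def parse_records(text):
    """Split the export at each 'successful network logon' line and extract the fields."""
    records = []
    chunks = re.split(r"(?m)^(?=successful network logon)", text)
    for chunk in filter(str.strip, chunks):
        found = {k: re.search(p, chunk) for k, p in FIELDS.items()}
        records.append({k: m.group(1) if m else None for k, m in found.items()})
    return records

def classify(rec):
    # Only the IIS anonymous account is triaged here; other accounts need their own rules.
    if not (rec["user"] or "").upper().startswith("IUSR_"):
        return "other-account"
    local = (rec["workstation"] or "").lower() == (rec["domain"] or "").lower()
    # Assumption: IIS's own anonymous logon is type 3, process IIS, from the server itself.
    if rec["logon_type"] == "3" and rec["process"] == "IIS" and local:
        return "iis-anonymous"
    return "review"

def triage(text):
    return [(r["user"], r["process"], r["workstation"], classify(r)) for r in parse_records(text)]

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(*row, sep="\t")
```

Records marked "review" are IUSR_ logons that did not come through the IIS logon process on the server itself, which is where a closer look at the account's use is worthwhile.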
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 18013064
The IUSR_Server account is the generic account used to access resources over HTTP that the server is providing.  This account should not be used to access anything but web-content.  If this server is running IIS 5.0, then you must consider running the IIS lock-down tool to secure Windows 2000 and IIS.

A better option would be to upgrade your installation to Windows Server 2003 and IIS 6.0.

/F
0
 

Author Comment

by:martinbjlee
ID: 18013330
Hi Firebar,
     What shall I do to achieve "This account should not be used to access anything but web-content"? Should the account be deleted from the guest groups? I will study the IIS lock-down tool.

Hi Trenes,
     I installed the MBSA tool on the server on Friday, but it can't run; I don't know what the problem is.
     What document can I study to find information about IUSR_Server? I think I must study it.
0
 

Author Comment

by:martinbjlee
ID: 18014078
Hi Firebar,
     Where can I download the IIS lock_down tool? Is the tool for IIS 5.0 security?
0
 
LVL 27

Assisted Solution

by:Jason Watkins
Jason Watkins earned 83 total points
ID: 18014372
The IIS lock-down tool can be downloaded from Microsoft's web-site.  

Try:  http://www.google.com/microsoft  and search for the IIS lock-down tool.  I am sorry, I don't know the exact URL.

I would start by determining the group membership the IUSR account has involvement in.  Take the critical areas of the filesystem and make sure that user account and its groups do not have unauthorized access to that filesystem.  The IIS lock-down tool will help to do exactly that.

/F
0
 
LVL 23

Assisted Solution

by:Tim Holman
Tim Holman earned 83 total points
ID: 18014511
Please don't delete the IUSR account, otherwise your web server won't work, and IIS will undoubtedly need reinstalling!
MBSA 2.0 is a good start - but think about other things too, i.e. physical security, policies, procedures, and running regular vulnerability scans, as MBSA alone will not offer you complete protection.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21101079
Forced accept.

Computer101
EE Admin
0
