Solved

security audit iis 7.0

Posted on 2014-02-15
1
182 Views
Last Modified: 2014-02-24
i have a web server and this is our first audit.
our web hosting failed a couple of tests and the recommended fixes are curious to me.

doesnt iis get its updates through regular windows updates?  the fixes for all our failures have remediation of updating secuirty on iis 7.0

but the server is totally updated...
is there an update iis only utility?
0
Comment
Question by:jamesmetcalf74
1 Comment
 
LVL 52

Accepted Solution

by:
Scott Fell,  EE MVE earned 500 total points
ID: 39862384
Is this for pci?  are you on a shared server, cloud or dedicated?  

In the case of pci compliance, if you feel something is up to date, you can submit a written response that it is up to date.  I also noticed that I could be scanned and several quarters in a row and no changes to anything and the next scan is throwing a fit mostly over nothing.  I think the scanning companies need to prove their software is doing something.  When I contacted the provider, their answer is "our own software is continually updated...."

However, there were a few items I remember thinking they were trivial and after researching they were not.   Do your research on each item.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
SSL Certificate 3 50
Machine Key during migration form IIS6 to 8.5 2 54
"Realm" or "Domain" prompt 11 41
IIS 7.5 to 8.0 6 72
Here are the symptoms: You start receiving calls from users that one of your legacy web apps isn't coming up, so you log into your IIS 5 server to check it out.  When you pull up the services, you notice that the WWW Publishing service isn't runn…
Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now