[CTS] Re: IIS 5 on LAN

  • From: Hal <hdbrown@xxxxxxxxx>
  • To: computertalkshop@xxxxxxxxxxxxx
  • Date: Thu, 01 Dec 2005 06:15:55 -0500

I read quite a lot on the Internet yesterday. Damn! IIS ver 4/5 is really scary out of the box.

Thanks for the reply. Having cleaned up and lost (not my own) machines over the years, I get paranoid about security. I once read an article about a kid who cracked a SonicWall in 15 minutes. And I know how much there is to know about security. It's become a specialist field, and I don't have time to do anything more than the common firewall/anti-malware things with Windows.

One thing I could do is deny access to the server address from the router except on the LAN. Then it would be almost completely isolated...

If I ever (and I won't) decided to run a web server to the world I'd go with Apache.

Anyway, I'm shutting it down at night, or if I don't use it for several days.

Just because I'm paranoid doesn't mean they're not out to get me. :-D

Hal

At EST 12:11 AM 12/1/2005, - Ross Nelson duly noted:

On Nov 30, 2005, at 1:34 PM, Hal wrote:

I have installed a copy of Win 2K server on a computer for my use
only. I want to work with .net applications and I have installed
the SDK on this server as well. It is only for serving pages to me.
Although I have worked with other services of Win 2k server (file,
application, print, etc) I don't know a lot about IIS. I don't want
to serve pages to the outside. And yes, I have it working fine.

Naturally, I have a firewall between me and the Internet. There is
no port forwarding configured in the router (using a SonicWall).

Q: Is there any way - other than some obscure hacking technique -
that anyone could get to my system from the Internet?

Aside from the obvious (trojans), they would need to connect to the system through either something that's forwarded to it already (for instance, exploit some vulnerability in the file sharing...just made that up as an example, haven't been following Windows vulns for a while) or hop through another system to get to it. The latter is too much work for most people to go through and requires that they break into that system first.

Q: Is there anything else I should do to secure this server? From
the outside, of course.

http://www.sun.com/software/solaris/get.jsp http://www.freebsd.org/where.html

But seriously, not that I'm by any means an expert on security, and I
haven't played much with IIS, but given what you're doing with it,
I'd say you're good. I have it running on my 2003 Server system for
Exchange and that's all I do. Obviously, if you're going to start
doing this for other people or decide to host sites for yourself/others on the box, read a book or thirty on security, IIS, securing
IIS, and so forth. But, from my worthless little viewpoint, that's
good enough.


I don't see how there could be a problem, but...

Hindsight is 20/20. :-)

** YOUR HELP IS URGENTLY NEEDED ** DONATE to Hurricane Katrina victims: http://www.redcross.org/ DONATE Housing (Spare room, shelter) http://www.hurricanehousing.org/

---------------------------------------------------------------------------
Computer Talk Shop http://www.computertalkshop.com
Un-subscribe/Vacation, http://www.computertalkshop.com/list_options.htm

List HowTo: http://www.computertalkshop.com/faq.htm

To join Computer Talk Shop's off topic list, please goto:
http://computertalkshop.com/other_cts_lists.htm
---------------------------------------------------------------------------
