Re: Questions about W2K and IIS Server Security
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 02/05/04
- Next message: David Wang [Msft]: "Re: enumerate IIS dependent services"
- Previous message: Dan Szepesi: "Re: Response time of IIS"
- In reply to: Andrew McCall: "Questions about W2K and IIS Server Security"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 5 Feb 2004 04:41:17 -0800
A side effect of "Windows File Protection" which watches over Windows files
and prevents external corruption of them is that random directories get this
special treatment and become un-deletable. "c:\program files\common
files\system\msadc" is probably one such directory (I question many, many of
the ones in "Program Files" under WFP because I like clean directories, but
I'm ok with being able to eradicate the files).
Regarding iissamples, iishelp, and msadc -- I would delete the Virtual
Directories and the physical files themselves if you don't use them.
However, note that deleting iishelp is physically removing all IIS help
files (but you've still got MSDN for all the content). The same applies for
the "scripts" virtual directory as well -- make sure to lock that down.
You can read this URL about IPC$ (and many others) --
http://www.sans.org/top20/ -- read through all the Windows top 10 list and
apply the given mitigation.
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//

"Andrew McCall" <mccall@h2o.demon.co.uk> wrote in message
news:3140c7c0.0402040404.1faae7d9@posting.google.com...

Hi Folks,

I have a W2K server running IIS5, being a traditional UNIX user, and hearing
some horror stories I am trying to be as careful as possible when setting up
this server.

I have followed many guides to securing this server such as "From Blueprint
to Fortress: A Guide to Securing IIS 5.0" and the "IIS Security Best
Practices" by Thom Robbins. Despite questioning why the default setup is so
poor, I am starting to get pretty impressed with it.

I still have two areas I am unsure about:

I have removed administrative shares from the server using the
HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\AutoShareServer
registry key, however it appears that the CD-ROM E$ drive is still being
shared. I have disabled this by visiting the Properties for the E: drive so
it's no longer shared. Should I worry about this not stopping due to the
registry key? IPC$ is still shared too - I presume this is needed, can
someone clarify this please?

The other area I am concerned about are the Hisecweb.inf Security Templates.
I don't fully understand it. Can someone explain what it is, why it's needed.
Does anyone have any tutorials on this?

It's recommended that you delete iissamples, iishelp and msadc. I wasn't too
sure if I should literally delete them, or just remove them as virtual
directories. I opted to literally delete them :) I still have them in case I
need to restore at some point. I was, however, unable to delete the
c:\program files\common files\system\msadc directory due to a sharing
violation. Can anyone suggest why?

Thanks,
Andrew McCall
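
An added example, not part of the original thread: a small audit that parses `net share` output and reports which hidden shares remain on a host where AutoShareServer has been set to 0, as in the question above. The sample output is constructed, the function names are hypothetical, and share names are assumed to fit within the first column.

```python
import re

def _row(name, resource, remark):
    # Column widths match the `net share` table (13 and 32 characters).
    return f"{name:<13}{resource:<32}{remark}"

# Constructed sample: AutoShareServer is 0, yet E$ (CD-ROM) is still listed.
SAMPLE = "\n".join([
    _row("Share name", "Resource", "Remark"),
    "",
    "-" * 79,
    _row("E$", "E:\\", "Default share"),
    _row("IPC$", "", "Remote IPC"),
    _row("wwwdata", "D:\\wwwdata", "Site content"),
    "The command completed successfully.",
])

DRIVE_SHARE = re.compile(r"^[A-Z]\$$", re.IGNORECASE)

def parse_shares(text):
    """Return {share name: resource} using the header's column offsets."""
    lines = text.splitlines()
    header = next(l for l in lines if l.startswith("Share name"))
    res_col, rem_col = header.index("Resource"), header.index("Remark")
    shares = {}
    for line in lines[lines.index(header) + 1:]:
        if not line.strip() or line.startswith(("---", "The command")):
            continue
        shares[line[:res_col].strip()] = line[res_col:rem_col].strip()
    return shares

def audit_shares(text):
    """Classify each share for a host where AutoShareServer is set to 0."""
    findings = {}
    for name, resource in parse_shares(text).items():
        if name.upper() == "IPC$":
            # IPC$ is created by the Server service regardless of AutoShareServer.
            findings[name] = "ipc: not governed by AutoShareServer, review separately"
        elif DRIVE_SHARE.match(name) or name.upper() == "ADMIN$":
            findings[name] = f"admin share still present on {resource}"
        else:
            findings[name] = "user-defined share"
    return findings

if __name__ == "__main__":
    for share, verdict in audit_shares(SAMPLE).items():
        print(f"{share:<10} {verdict}")
```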