Re: is IIS 5.0 safe?

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 04/01/04

Next message: David Wang [Msft]: "Re: consuming a web service without IIS"
Previous message: Chris Schlipalius: "Folder properties and IIS6.0 - IUSR issues"
In reply to: David Neff: "is IIS 5.0 safe?"
Next in thread: Paul Lynch: "Re: is IIS 5.0 safe?"
Reply: Paul Lynch: "Re: is IIS 5.0 safe?"
Reply: Jeff Cochran: "Re: is IIS 5.0 safe?"
Reply: David Neff: "Re: is IIS 5.0 safe?"
Messages sorted by: [ date ] [ thread ]

Date: Wed, 31 Mar 2004 23:55:57 -0800

Several options.

IIS 5.1 comes with XP Pro and only supports one website and 10 connections.
1. It is possible to set up IP Restriction on the website such that it will
only process localhost/127.0.0.1 requests (I don't remember if this feature
is enabled in the UI or not).
2. You can also setup the Microsoft Loopback Adapter and configure the
website to only listen on that network interface, so it then becomes
impossible for IIS to even respond to non local requests while your own PC
is perfectly able to access IIS.
3. Run the software firewall and make sure that port 80 is not open.

Finally, realize that when you run server software, you become responsible
for configuring/securing it. Security is best achieved through knowledge
and configuration.

-- 
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"David Neff" <neffda77@hotmail.com> wrote in message
news:%23pe%23Kj6FEHA.2404@TK2MSFTNGP11.phx.gbl...
At work I use IIS to develop .Net applications and wanted to install it on
my home Windows XP Pro machine to do some work from home.  I'm concerned
that I'm potentially opening up my home pc to who know what kinds of
attacks.  I have a software firewall, but I don't trust that it is enough.
Is there a way to configure IIS to make it only work on the machine its
installed on in a localhost type mode or something.  I basically want to cut
it off from the outside world.
Thanks!

Next message: David Wang [Msft]: "Re: consuming a web service without IIS"
Previous message: Chris Schlipalius: "Folder properties and IIS6.0 - IUSR issues"
In reply to: David Neff: "is IIS 5.0 safe?"
Next in thread: Paul Lynch: "Re: is IIS 5.0 safe?"
Reply: Paul Lynch: "Re: is IIS 5.0 safe?"
Reply: Jeff Cochran: "Re: is IIS 5.0 safe?"
Reply: David Neff: "Re: is IIS 5.0 safe?"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Permission Problems SBS2003 R1
... website on the SBS server? ... Default permissions and user rights for IIS 6.0 ... Step 3: Please check the permissions in IIS manager: ... Step 4: Re-running CEICW on SBS server: ...
(microsoft.public.windows.server.sbs)
Re: how to WEBSITE from harddrive?
... well I am connected using cable modem, WINXP PRO with IIS 5.1, and ... anyways Im fine with just the one website (i will be the onlyone designing ... > XP pro can do it, but it's limited to 1 website and only ... >>I have IIS installed and it is updated. ...
(microsoft.public.inetserver.iis)
RE: HTTP Error 403.6
... Open Server Management and expand to Internet Information Services node. ... Check Default Web Site setting under IIS ... Under Website, right click Default Website, select Properties. ... Check ISAPI Filter of Default Web Site setting. ...
(microsoft.public.windows.server.sbs)
RE: RWW
... Please rerun the CEICW, this helps us to configure network and IIS ... Open Server Management console, ... Under Website, right click Default Website, select Properties ... Microsoft CSS Online Newsgroup Support ...
(microsoft.public.windows.server.sbs)
IIS 5.0 and Netscape Authentication
... under IIS 5.0 in a Windows 2000 Active Directory. ... Netscape 4.x and IE 5.x running on a client or local to the server. ... Now under IIS Manager create a website that that uses the "testwebsite" ... "test" user account is a valid user account and authentication is complete. ...
(Focus-Microsoft)