Re: Securing IIS v6

From: Phillip Windell (_at_.)
Date: 04/23/04


Date: Fri, 23 Apr 2004 11:09:29 -0500

If it is Server Published from behind ISA then the user will contact 80
(and/or/maybe 443) directly just as if it was directly exposed to the
Internet. However all other ports would not be exposed since ISA is only
publishing what is required.

If it is Web Published then the users are contacting only ISA and then ISA
is "proxying" the request back to the published web server, so it is a bit
of a different concept.

In my opinion, if it is behind ISA (either method), then there really isn't
much "hardening" being done to the web server at all since it must be able to
function on the LAN. It is when you place it outside the system "on its
own" that you have to get picky about it.

-- 
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
"Z D" <NOSPAM@NOSPAM.com> wrote in message
news:Okr4$BUKEHA.3492@TK2MSFTNGP09.phx.gbl...
> Phillip,
>
> Thanks for the response.  Good point.  Guess I have to figure out the
> tradeoffs between making it too hard vs having it operational on the
> internal LAN.
>
> So is it safe to assume the only way an attacker could hit the machine is on
> port 80?
>
> Thanks!
> -ZD
>
> "Phillip Windell" <@.> wrote in message
> news:uB5RWdTKEHA.2144@TK2MSFTNGP10.phx.gbl...
> > Server2003 isn't a feeble OS. It can stand on its own exposed to the
> > Internet as long as it is configured securely and kept updated.  Putting it
> > behind ISA will of course help some and can be Server Published or Web
> > Published depending on your needs.  I'm sure there are some security guides
> > in MS's site for deploying a 2003 webserver, but I don't have any links. But
> > be careful about going "overboard" with any "hardening" if you are going to
> > put it behind ISA because in that scenario it still needs to be able to
> > function on the LAN.
> >
> > -- 
> >
> > Phillip Windell [MCP, MVP, CCNA]
> > www.wandtv.com
> >
> > "Z D" <NOSPAM@NOSPAM.com> wrote in message
> > news:e1vVo8JKEHA.3592@TK2MSFTNGP09.phx.gbl...
> > > Hello,
> > >
> > > I'm currently looking at putting a Windows Server 2003 / IIS v6.0 server in
> > > a co-located environment so that it can be accessed by the general public on
> > > the Internet.   The IIS server will be serving up ASP/ASP.NET, Web Services
> > > and FTP.
> > >
> > > I was wondering if putting this server behind an ISA Firewall with server
> > > publishing is enough in terms of protection?  What else can/should I do to
> > > protect the box from being hacked?
> > >
> > > Thanks!
> > > -ZD