Re: iis security for test server
- From: prince1709 <prince1709@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 7 Dec 2009 23:15:01 -0800
"David Wang [Msft]" wrote:
When you install IIS5, it is going to listen on all network interfaces byHow do u test .ASP files ?
default. I do not know whether your internet access from the test server is
via direct connection or proxied. If it is direct connection (i.e. the test
server is connected to the broadband modem), then your test server is live
on the Internet and is probably already hacked if unpatched. If it is
proxied (i.e. test server is attached to a hub/switch with an internal IP
address, and the broadband modem is connected to some other device which
manages internal/external IP address mapping), then you're probably Ok, but
you still need to patch the server.
I would seriously consider flattening this server and starting over if you
suspect anything on the box, to be safe.
Network-based attacks do not need domains -- they need an IP address.
Personally, for testing ASPX pages, there are two approaches.
1. Use Cassini, which is a simple-minded ASP.Net web server useful only for
testing ASP.Net pages. Check out www.asp.net for more info
2a. Install the Microsoft Loopback adapter (go to add a new HW Network
Card, and loopback is one of the choices)
b. Manually configure the IP of the loopback to a private, non-routable
address (like 192.168.x.y)
c. Configure your websites on IIS to only listen on the IP from 2b
d. (Optionally) configure IP Security in IIS to deny access to all but
localhost
In both cases, access to the ASPX page is localhost only.
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"dawg3294" <dawg3294@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:059FE7FF-F87B-4851-9844-E800A5265D77@xxxxxxxxxxxxxxxx
I am using IIS 5 to run a test server. (I use it to test my aspx
pages before uploading them to my real server, which outsiders
can see. The server that it is on has access to the internet, but
I have never set the IIS server to allow outsiders to view the
website.
Is there any way outsiders can access the website/server? I
would prefer they not be able to. As I understand it, I would
have to register my domain before IIS hacker vulnerabilities
become an issue. Or does the fact that my computer has
internet access make it possible for people/viruses to access
the server somehow?
Thanks for any enlightenment. I'm new at this. Also, any
articles you can point me towards for further research would be
appreciated.
Testing of ASPX can only be done on localhost..
I'm currently using Visual Web Developer Express Editions 2008, there is no
way to debug it. It cannot run properly.
Is there any other ways.?
.
- Prev by Date: RE: IIS 7 Catastrophic Failure :: COMException :: Microsoft.JScript
- Next by Date: Re: iis security for test server
- Previous by thread: RE: IIS 7 Catastrophic Failure :: COMException :: Microsoft.JScript
- Next by thread: Re: iis security for test server
- Index(es):
Relevant Pages
|
