Network Security: Detailed info on RE: IIS6 on W2k3 DCs

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Focus-Microsoft

[Top] [All Lists]

RE: IIS6 on W2k3 DCs

from [Devin Ganger] Network Security

[Permanent Link]

Subject:	RE: IIS6 on W2k3 DCs
Date:	Wed, 19 Jan 2005 08:35:40 -0800

Susan Bradley writes:

Aren't we all missing something here as far as this 
discussion of additional protection and IIS in general?

Didn't an IIS server survive OpenHackIV with IIS, SQL and  
IPsec?  [IIS 5 even]


You mean an IIS server that was hardened according to *best practices*
and *checklists*?

There is a huge difference in risk between an IIS/DC combo on an
internal network and that same combo serving up content to the Internet.
The impact of any misconfiguration (and resulting vulnerability) for the
latter is much, much riskier.

SBS is a great tool to solve many problems. Serving web content to the
general Internet *isn't* one of them.

-- 
Devin L. Ganger                    Email: deving@3sharp.com
3Sharp LLC                         Phone: 425.882.1032 x 109
15311 NE 90th Street                Cell: 425.239.2575
Redmond, WA  98052                   Fax: 425.702.8455

---------------------------------------------------------------------------
---------------------------------------------------------------------------

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
RE: IIS6 on W2k3 DCs, (continued) RE: IIS6 on W2k3 DCs, Laura A. Robinson Re: IIS6 on W2k3 DCs, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] RE: IIS6 on W2k3 DCs, Sullivan Tim P RE: IIS6 on W2k3 DCs, Sullivan Tim P RE: IIS6 on W2k3 DCs, Depp, Dennis M. Re: IIS6 on W2k3 DCs, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Re: IIS6 on W2k3 DCs, Ansgar -59cobalt- Wiechers RE: IIS6 on W2k3 DCs, Laura A. Robinson Re: IIS6 on W2k3 DCs, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Re: IIS6 on W2k3 DCs, Andrew Rice RE: IIS6 on W2k3 DCs, Devin Ganger <= Re: IIS6 on W2k3 DCs, calin oprea

Previous by Date:	Re: PGP and Outlook, Moritz Naumann
Next by Date:	Re: IIS6 on W2k3 DCs, calin oprea
Previous by Thread:	Re: IIS6 on W2k3 DCs, Andrew Rice
Next by Thread:	Re: IIS6 on W2k3 DCs, calin oprea
Indexes:	[Date] [Thread] [Top] [All Lists]