Microsoft has a guide, and an IIS Lockdown tool.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/chklist/iis5chk.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bestprac/default.asp


Other sources
http://www.lokbox.net/SecureWin2K/
http://www.secadministrator.com/Articles/Index.cfm?ArticleID=26049
http://www.nacs.uci.edu/security/msft/safeiisinstall.htm

I have not reviewed all of them yet.

Mike

-----Original Message-----
From: Brook Davies [mailto:brook@;maracasmedia.com] 
Sent: Tuesday, November 12, 2002 11:40 AM
To: CF-Server
Subject: RE: Server Security Breach


Is that Port 139 / TCP/IP? Also, thanks for the info guys!  I figured it 
was just that, but I didn't want to take any chances :)

While I'm at it, does anyone know of a good "lock down" guide for Windows
2000 Server in a web environment? I followed the IIS / Windows lock down 
that was available from Allaire some time back. It had a list of 
unnecessary services, some security related registry entries, and file 
permission settings.

Brook


At 11:10 AM 12/11/02 -0600, you wrote:
>It's a common annoyance lately. It's the Messenger service that is 
>being abused. You can just disable it in the Services control panel.
>
>AFAIK, other than as an annoyance it doesn't have any means of abuse 
>other than possibly as a weird DOS attack. If you have a firewall, it's 
>probably best to stop it there. Port 139.
>
>Here's an article:
>http://www.techtv.com/screensavers/answerstips/story/0,24330,3374542,00.html
>
>-Kevin
>
> > -----Original Message-----
> > From: Brook Davies [mailto:brook@;maracasmedia.com]
> > Sent: Tuesday, November 12, 2002 10:52 AM
> > To: CF-Server
> > Subject: Server Security Breach
> >
> >
> > Hello,
> >
> > I had something unnerving happen yesterday. Our web server had a pop 
> > up dialog box open on it after logging in. The dialog was an 
> > advertisement for a call center and a 1-800 number!  It did not
> > originate internally.
> >
> > Is this an SNMP or messaging service problem? What do I need to
> > disable and how potentially hazardous is this??
> >
> > Brook
> >
> >
> >
>
