> > Mark Woods wrote:
> > >
> > > Every IIS server should be running it, or something similar.
> >
> > Why?
> >
>It helps prevent a number of security issues with IIS that allowed for the
>execution of commands outside of the web folder. Of course if you've locked
>down your box properly in the first place, it shouldn't be an issue, but
>belt and braces are always good when it comes to security. ;o)

If you lock down your box but leave IIS openly listening for HTTP requests without filtering potentially risky requests, you are leaving yourself open to future attack as new weaknesses are discovered (you cannot possibly patch your server quickly enough to guarantee you are safe from attack). Any application that accepts input should really have strict validation rules to ensure that only valid input is received (whether it's a web server, a desktop application or whatever). URLScan allows you to simply and cheaply ensure IIS has strict input validation rules that will protect you from most attacks that make use of HTTP requests.

Mark
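
The kind of strict, allow-list request validation argued for above, sketched in Python as an added example: it is not part of the original message and is not URLScan's own code or configuration. The policy values, the sample requests and the function name `check_request` are assumptions made for this illustration.

```python
from urllib.parse import unquote

# Constructed policy for illustration; not URLScan's actual rule set.
ALLOWED_VERBS = {"GET", "HEAD", "POST"}
ALLOWED_EXTENSIONS = {"", ".htm", ".html", ".cfm", ".gif", ".jpg", ".css", ".js"}
DENIED_SEQUENCES = ("..", "./", "\\", ":", "%", "&")
MAX_URL_LENGTH = 260


def check_request(verb: str, raw_url: str) -> tuple[bool, str]:
    """Return (allowed, reason); anything not explicitly allowed is rejected."""
    if verb not in ALLOWED_VERBS:
        return False, "verb not allowed"
    path = raw_url.split("?", 1)[0]  # validate the path, not the query string
    if len(path) > MAX_URL_LENGTH:
        return False, "URL too long"
    decoded = unquote(path, encoding="latin-1")
    # If a second decoding pass still changes the path, the request was
    # double-encoded, which would slip sequences past a single-pass filter.
    if unquote(decoded, encoding="latin-1") != decoded:
        return False, "URL still encoded after normalization"
    if any(ord(ch) < 0x20 or ord(ch) > 0x7E for ch in decoded):
        return False, "non-printable or high-bit character"
    for seq in DENIED_SEQUENCES:
        if seq in decoded:
            return False, f"denied sequence {seq!r}"
    last_segment = decoded.rsplit("/", 1)[-1]
    dot = last_segment.rfind(".")
    ext = last_segment[dot:].lower() if dot != -1 else ""
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext!r} not allowed"
    return True, "ok"


# Constructed sample requests (not taken from any real log).
SAMPLES = [
    ("GET", "/index.cfm?id=5&x=1"),
    ("TRACE", "/"),
    ("GET", "/docs/..%2f..%2fprivate.txt"),
    ("GET", "/docs/%252e%252e/private/notes.txt"),
    ("GET", "/tools/report.exe"),
]

if __name__ == "__main__":
    for verb, url in SAMPLES:
        allowed, reason = check_request(verb, url)
        print(f"{'ALLOW' if allowed else 'BLOCK'}  {verb} {url}  ({reason})")
```

The filter rejects by default, so a request shape nobody anticipated is blocked even before a patch for the underlying weakness exists.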
