Pete, removing the scripts directory is just one of many, many
suggestions in the "securing IIS" whitepaper you'll find at
www.microsoft.com/security.   They even have a tool to run a default
lockdown.

Oh, and they've got a thingy that will lock out any request for *.exe,
*.cmd, malformed URLs, etc.  Tread on that with care, though.  I
wouldn't want it on a server that's dishing out anything but plain-Jane
HTML.  It was discussed here last week, IIRC.
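For readers who want to see what a request filter of the kind the reply describes actually does, here is an added example (not code from the list, from Microsoft, or from the lockdown tool the reply refers to). It refuses *.exe and *.cmd requests and a few classes of malformed URL, and its allow-list mode shows why the reply's caveat matters: an HTML-only rule set blocks the ASP pages OWA serves. The rule set, function names and sample request lines are constructed for illustration.

```python
"""
Request filter of the kind the reply describes: refuse requests for *.exe,
*.cmd and malformed URLs before they reach the web server.

Added example for this thread, not code from the list, from Microsoft or
from the tool the reply mentions. The rule set, the function names and the
sample request lines below are constructed for illustration.
"""
import re
from typing import Optional
from urllib.parse import unquote

# Extensions refused outright (constructed list, following the "*.exe, *.cmd"
# behaviour the reply describes).
DENIED_EXTENSIONS = {".exe", ".cmd", ".com", ".bat", ".dll"}

# "/../" or a leading/trailing ".." segment after decoding.
_TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")


def classify_request(raw_path: str, allowed_extensions: Optional[set] = None) -> str:
    """Return "allow", or "deny: <reason>" for a single request path.

    allowed_extensions switches the filter to allow-list mode: only those
    extensions (and extension-less paths) pass. That is the aggressive setting
    that breaks anything beyond static HTML, which is the caveat in the reply.
    """
    # Drop the query string, then percent-decode twice so that double-encoded
    # sequences such as %255c do not get past the checks below.
    path = unquote(unquote(raw_path.split("?", 1)[0]))
    if not path.startswith("/"):
        return "deny: relative path"
    if "\x00" in path:
        return "deny: embedded NUL"
    if any(not 0x20 <= ord(c) <= 0x7E for c in path):
        return "deny: non-printable or non-ASCII byte"
    if "\\" in path:
        return "deny: backslash in path"
    if _TRAVERSAL.search(path):
        return "deny: directory traversal"
    name = path.rsplit("/", 1)[-1]
    ext = ("." + name.rsplit(".", 1)[1].lower()) if "." in name else ""
    if ext in DENIED_EXTENSIONS:
        return "deny: extension " + ext
    if allowed_extensions is not None and ext and ext not in allowed_extensions:
        return "deny: extension " + ext + " not on allow-list"
    return "allow"


def filter_log(lines, allowed_extensions=None):
    """Apply classify_request to "METHOD PATH" lines; return (path, verdict) pairs."""
    results = []
    for line in lines:
        parts = line.split()
        if len(parts) < 2:
            results.append((line, "deny: unparseable request line"))
            continue
        results.append((parts[1], classify_request(parts[1], allowed_extensions)))
    return results


# Constructed sample request lines. The root.exe and scripts/ paths are the
# ones discussed in the thread; the others exercise the malformed-URL checks.
# /exchange/logon.asp stands in for an OWA page (assumption: OWA is ASP-based).
SAMPLE_REQUESTS = [
    "GET /index.html",
    "GET /scripts/root.exe",
    "GET /scripts/..%255c../winnt/system32/cmd.exe",
    "GET /images/logo.gif%00.html",
    "GET /exchange/logon.asp",
]

if __name__ == "__main__":
    print("default rules:")
    for path, verdict in filter_log(SAMPLE_REQUESTS):
        print(f"  {verdict:45} {path}")
    print("HTML-only allow-list (this is what breaks OWA):")
    for path, verdict in filter_log(SAMPLE_REQUESTS, {".html", ".htm", ".gif"}):
        print(f"  {verdict:45} {path}")
```

Under the default rules only the root.exe request and the two malformed URLs are refused; switch on the HTML-only allow-list and the OWA logon page is refused too, which is the "plain-Jane HTML only" warning in practice.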

-----Original Message-----
From: Pfefferkorn, Pete (PFEFFEPE) [mailto:[EMAIL PROTECTED]]
Posted At: Friday, September 21, 2001 8:13 AM
Posted To: MSExchange Mailing List
Conversation: Additional steps to prevent IIS compromise!
Subject: Additional steps to prevent IIS compromise!


Exchange 5.5 SP4

Had a general question to post.  We have IIS 4.0 running on a couple of
Exchange systems for OWA access.  It's not on the systems that house the
primary mailbox accounts, and the systems were patched when Code Red came
out.

One of our Web Administrators suggested making some additional changes to
help prevent additional IIS attacks.  One was to create a dummy root.exe
file and have it set to read only.  Also, the suggestion was made to either
rename or delete the scripts directory.  I was wondering if anyone had any
comments on the suggestions.

Pete Pfefferkorn
Senior Systems Engineer/Mail Administrator
University of Cincinnati
51 Goodman Street
Cincinnati, OH  45221
Phone - (513) 556-9076
Fax -     (513) 556-2042


_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]
