Thanks! I'll take a look at that. Pete Pfefferkorn Senior Systems Engineer/Mail Administrator University of Cincinnati 51 Goodman Street Cincinnati, OH 45221 Phone - (513) 556-9076 Fax - (513) 556-2042 -----Original Message----- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Friday, September 21, 2001 9:41 AM To: Exchange Discussions Subject: RE: Additional steps to prevent IIS compromise! Pete, removing the scripts directory is just one of many, many suggestions in the "securing IIS" whitepaper you'll find at www.microsoft.com/security. They even have a tool to run a default lockdown. Oh, and they've got a thingy that will lock out any request for *.exe, *.cmd, malformed URLs, etc. Tread on that with care, though. I wouldn't want it on a server that's dishing out anything but plain-Jane HTML. It was discussed here last week, IIRC. -----Original Message----- From: Pfefferkorn, Pete (PFEFFEPE) [mailto:[EMAIL PROTECTED]] Posted At: Friday, September 21, 2001 8:13 AM Posted To: MSExchange Mailing List Conversation: Additional steps to prevent IIS compromise! Subject: Additional steps to prevent IIS compromise! Exchange 5.5 SP4 Had a general question to post. We have the IIS 4.0 running on a couple of Exchange systems for OWA access. It's not on the systems that house the primary mailbox accounts and the systems were patched when code red came out. One of our Web Administrators suggested making some additional changes to help prevent additional IIS attacks. One was to create a dummy root.exe file and have it set to read only. Also, the suggestion was made to either rename or delete the scripts directory. I was wondering if anyone had any comments on the suggestions. Pete Pfefferkorn Senior Systems Engineer/Mail Administrator University of Cincinnati 51 Goodman Street Cincinnati, OH 45221 Phone - (513) 556-9076 Fax - (513) 556-2042 _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
RE: Additional steps to prevent IIS compromise!
Pfefferkorn, Pete (PFEFFEPE) Fri, 21 Sep 2001 06:18:34 -0700
- Additional steps to prevent IIS compromise! Pfefferkorn, Pete (PFEFFEPE)
- RE: Additional steps to prevent IIS comp... Tom Meunier
- Pfefferkorn, Pete (PFEFFEPE)
