Very impressive and thorough answer. This is one reason I subscribe to and appreciate this particularly list; professional, useful responses with the sophomoric quibble kept to a minimum.
James -----Original Message----- From: John P Lang [mailto:[EMAIL PROTECTED] Sent: Friday, August 29, 2003 7:29 AM To: [EMAIL PROTECTED] Subject: RE: WEBSITE HACKED PREVENTION URGENT First off.... I'm not going to get into the Windows/Linux argument. I run both servers. For your win2k box... Most important! Update the thing. Next: Go to http://www.microsoft.com/technet/security/tools/chklist/iis5cl.asp This is the IIS Baseline Security Checklist. Live it...Breath it. Make sure you run the IIS lockdown tool. Ensure you run TCP/IP filtering on all network interfaces. Only allow necessary ports for your site's operation. i.e. tcp/80 web tcp/53 dns udp/53 dns tcp/3389 if you administer the server using terminal services. That should be a fairly good start. You need to make sure you check the IIS logs daily as well as the event viewer logs. Hth John -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
