hi all
i have just had a webserver 'dropped' on me to
administer, and being new to administering
iis5/w2k sp2, i could use some advice.
i've been surfing around various security sites all
day and haven't hit paydirt yet - or it could be that i'm
just too new to recognize the answer and need
someone to spell it out for me :)
here's the most burning (currently) question i have:
how can i hide the ip address in the url address line
of an end users browser when someone visits my
website AND hide both the ip & netbios name of my
webserver from any other programs/scanners/etc ?
will proxy server installed on the box or using host
headers work, & if so, what do i need to do to set it
up properly.
here's what i got to work with:
1) server has no domain name, just an ip address
2) it serves only a single ArcIMS website & does
nothing else
3) i got no firewall software or hardware at the
moment (would welcome free or low cost
suggestions. yes, i know you generally
get what you pay for, but small, cost-recovery
govt agencies have no $$ to work with)
4) we aren't using active directory and we dont have
an nt domain, just a workgroup - our name server
is not running a microsoft OS.
5) iis lockdown tool was installed before ArcIMS
webmapping software was installed & configured.
(ArcIMS uses java servlets and the viewer
application uses lotsa javascript and has
various communications going on between
various parts of it that are not on port 80. it is
notoriously easy to screw up when you're tyring
to harden up your webserver, so that's always
an iffy situation.)
many thanks in advance for any help
anyone can provide,
julia
