I would disagree....

Yes, Win2K and IIS are vulnerable and need patching all too regularly, but
you can make it bulletproof to the public by using a reverse proxy to
answer and serve the user requests.  You can also check for HTTP GET strings
like Code Red and validate them before serving them.  The public then does
not need access to the server and thus it is as secure as you can get it...

Linux with Apache - all for free.

-----Original Message-----
From: Robert Clark [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 26, 2001 9:13 AM
To: 'Srecko Jovancevic'; 'James Kelty';
[EMAIL PROTECTED]
Subject: RE: Locking down IIS


Beg pardon? No way to do that? What planet are you living on?

> -----Original Message-----
> From: Srecko Jovancevic [mailto:[EMAIL PROTECTED]]
> Sent: Friday, December 21, 2001 2:39 AM
> To: James Kelty; [EMAIL PROTECTED]
> Subject: Re: Locking down IIS
>
>
> there is no way to do that and there are no books to teach
> you how but
>
> You can use the IIS lockdown tool ver 2.01 with Urlscan, you
> can download it from microsoft.com
>
> and always download the new patches for IIS and win2k from
> microsoft.com unless you are a programmer so you can write
> your own patches
>
> ----- Original Message -----
> From: "James Kelty" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, December 20, 2001 6:10 PM
> Subject: Locking down IIS
>
>
> > Hello!
> >
> > I was wondering if someone could point me in the right direction to
> > books, and or web sites that will lay out the best way to lock down,
> > bastionize, a win2k/IIS 5.0 server. Thanks!
> >
> > -James
> >
> >
> >
>
>
>
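
The top reply's idea of validating GET strings at a reverse proxy before they reach IIS, sketched as an added example (not code from any poster in this thread). It generalizes from a single Code Red signature to an allowlist check; the policy values, function name and sample request lines are all assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumed site policy; every value here is illustrative, not from the thread.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_EXTENSIONS = {"", ".htm", ".html", ".asp", ".css", ".js", ".gif", ".jpg"}
MAX_PATH_LEN = 260
MAX_QUERY_LEN = 128

REQUEST_LINE = re.compile(r"^([A-Z]+) (/\S*) HTTP/1\.[01]$")
PERCENT_U = re.compile(r"%u[0-9a-fA-F]{4}")


def check_request_line(line):
    """Return (allowed, reason) for one HTTP request line seen by the proxy."""
    match = REQUEST_LINE.match(line)
    if not match:
        return False, "malformed request line"
    method, target = match.groups()
    if method not in ALLOWED_METHODS:
        return False, "method not allowed"
    path, _, query = target.partition("?")
    if len(path) > MAX_PATH_LEN or len(query) > MAX_QUERY_LEN:
        return False, "path or query too long"
    if PERCENT_U.search(target):
        return False, "non-standard %u encoding"
    # Decode once and normalise separators before looking at path segments.
    decoded = unquote(path).replace("\\", "/")
    if ".." in decoded.split("/"):
        return False, "path traversal"
    # Unlisted extensions (such as .ida) are never forwarded to the back end.
    if posixpath.splitext(decoded)[1].lower() not in ALLOWED_EXTENSIONS:
        return False, "extension not served"
    return True, "ok"


# Constructed request lines; the long one only mimics the shape of a Code Red GET.
SAMPLE = [
    "GET /index.html HTTP/1.0",
    "GET /default.ida?" + "N" * 224 + "%u0041%u0041=a HTTP/1.0",
    "GET /default.ida?x=1 HTTP/1.0",
    "OPTIONS / HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(check_request_line(line), line[:40])
```

Because the extension allowlist rejects `.ida` outright, a short request to that mapping is refused even when it trips neither the length nor the encoding check.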

