Microsoft has released a security tool based on the SecureIIS design. They called it URLScan. It's a free download as a part of IISLockdown version 2 tool. But beware, that using this tool in default configuration breaks Frontpage Extensions.
Salman -----Original Message----- From: Will Munkara-Kerr [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 20, 2001 7:22 PM To: [EMAIL PROTECTED] Subject: RE: Locking down IIS Although i am not going to try to sell you the benefits of apache over IIS, and if you are devoted to (or stuck with) using IIS, i would try out www.eeye.com 's SeureIIS at http://www.eeye.com/html/Products/SecureIIS/index.html It is beyond doubt the most comprehensive security tool for IIS. Also, i recommend you try the following page for some interesting links: http://www.google.com/search?q=securing+IIS (Although I'm sure you checked that already yes?) ;) ./will[ss] [EMAIL PROTECTED] -----Original Message----- From: James Kelty [mailto:[EMAIL PROTECTED]] Sent: Friday, December 21, 2001 4:11 AM To: [EMAIL PROTECTED] Subject: Locking down IIS Hello! I was wondering if someone could point me in the right direction to books, and or web sites that will lay out the best way to lock down, bastionize, a win2k/IIS 5.0 server. Thanks! -James "This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please destroy it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of the Central Sydney Area Health Service."
