Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

/proc/kallsyms format, sqldatasource dal, wwwxxxenden, convert raid5 to raid 10 mdadm, apache force chunked, nrao wwwxxx, xxxxxdup, procmail change subject header, wwwXxx not20, Wwwxxx.doks sas

Links

XODOX
Impressum

#1: Intranet web server security

Posted on 2008-04-06 22:58:02 by mattie

I have a Win2K domain and need to create an intranet web server. I'm
concerned about the security, will do a clean install of Windows 2000
Server/IIS 5, and am referencing the following document,
http://windowsitpro.com/articles/print.cfm?articleid=22274 but I'm still
concerned if the steps mentioned are sufficient for an intranet server?
--
TIA
Mattie

Report this message

#2: Re: Intranet web server security

Posted on 2008-04-11 16:23:07 by Roger Abell

If you are concerned about security then do not use Windows 2000
for a new install as it is nearing the end of its supported lifecycle
and will like stop having patches for it before you are done using
the new intranet website. Also, IIS 7 if far superior to IIS 5, as is
also the case with IIS 6.

Roger (Security MVP)

"mattie" <mattie@discussions.microsoft.com> wrote in message
news:918DAE84-866F-49E7-BC28-74B594570CB8@microsoft.com...
>I have a Win2K domain and need to create an intranet web server. I'm
> concerned about the security, will do a clean install of Windows 2000
> Server/IIS 5, and am referencing the following document,
> http://windowsitpro.com/articles/print.cfm?articleid=22274 but I'm still
> concerned if the steps mentioned are sufficient for an intranet server?
> --
> TIA
> Mattie

Report this message

#3: Re: Intranet web server security

Posted on 2008-04-13 18:04:00 by mattie

I understand what you're saying, but Win2k and IIS 5 are what I have to work
with for now. This is being used for development and we'll have to support
Win2k through at least Win2003 for now. What points of security do I need to
be concerned with now for Win2k/IIS 5 as an intranet server?

--
Thanks,
Mattie


"Roger Abell [MVP]" wrote:

> If you are concerned about security then do not use Windows 2000
> for a new install as it is nearing the end of its supported lifecycle
> and will like stop having patches for it before you are done using
> the new intranet website. Also, IIS 7 if far superior to IIS 5, as is
> also the case with IIS 6.
>
> Roger (Security MVP)
>
> "mattie" <mattie@discussions.microsoft.com> wrote in message
> news:918DAE84-866F-49E7-BC28-74B594570CB8@microsoft.com...
> >I have a Win2K domain and need to create an intranet web server. I'm
> > concerned about the security, will do a clean install of Windows 2000
> > Server/IIS 5, and am referencing the following document,
> > http://windowsitpro.com/articles/print.cfm?articleid=22274 but I'm still
> > concerned if the steps mentioned are sufficient for an intranet server?
> > --
> > TIA
> > Mattie
>
>
>

Report this message

#4: Re: Intranet web server security

Posted on 2008-04-21 15:26:25 by Roger Abell

I am not sure whether the IIS 5 and W2k specific material is
available any longer in the guidance series off the websites
www.microsoft.com/security www.microsoft.com/technet/security
but much of the material has not changed greatly to the newer
release versions (except for things not available in the older).
The degree to which one attempts to harden a service point
depends on the threat model you assume, such as how trusted
or not the user base is that can poke at the intranet server.

Roger

"mattie" <mattie@discussions.microsoft.com> wrote in message
news:F982A867-A06E-4F4A-A683-E7D95D222902@microsoft.com...
>I understand what you're saying, but Win2k and IIS 5 are what I have to
>work
> with for now. This is being used for development and we'll have to
> support
> Win2k through at least Win2003 for now. What points of security do I need
> to
> be concerned with now for Win2k/IIS 5 as an intranet server?
>
> --
> Thanks,
> Mattie
>
>
> "Roger Abell [MVP]" wrote:
>
>> If you are concerned about security then do not use Windows 2000
>> for a new install as it is nearing the end of its supported lifecycle
>> and will like stop having patches for it before you are done using
>> the new intranet website. Also, IIS 7 if far superior to IIS 5, as is
>> also the case with IIS 6.
>>
>> Roger (Security MVP)
>>
>> "mattie" <mattie@discussions.microsoft.com> wrote in message
>> news:918DAE84-866F-49E7-BC28-74B594570CB8@microsoft.com...
>> >I have a Win2K domain and need to create an intranet web server. I'm
>> > concerned about the security, will do a clean install of Windows 2000
>> > Server/IIS 5, and am referencing the following document,
>> > http://windowsitpro.com/articles/print.cfm?articleid=22274 but I'm
>> > still
>> > concerned if the steps mentioned are sufficient for an intranet server?
>> > --
>> > TIA
>> > Mattie
>>
>>
>>

Report this message