More on security

Published 10 April 03 12:28 AM | RWlodarczyk 

After looking through the links to my previous post, I noticed that G. Andrew Duthie referred to it in his latest blog. He makes an excellent point. Not patching is, in my estimation, Sin #1 when adminning any box. But secondly, there are tools like the IIS Lockdown Tool for Windows 2000 machines. Also, URL Scan works in conjunction with the IIS Lockdown Tool to restrict certain types of HTTP traffic from coming to your IIS box. Both of these tools, in conjunction with MBSA that G. Andrew Duthie talks about, are absolute necessities.

Personally, I run MBSA every few weeks on my server to make sure everything is ok. But besides that, I am also subscribed to NTBUGTRAQ (the mailing list moderated by Russ...), which at least keeps me up-to-date as to what the latest security announcements are (and hence usually provides links to patches that need to be applied).


Comments

# Jon said on April 10, 2003 1:11 PM:
Russ Cooper's mailing list is great. I also follow similar practices to you when it comes to running IIS. IISLockDown and URLScan are top notch security programs for IIS in my opinion, and the MSBSA is a kickass tool.

About RWlodarczyk

Robert has been at Microsoft since August 2003. He has worked on WPF Imaging, Media, and Effects, and Windows Vista (in the form of the Windows Imaging Component). He is currently the test lead for the Windows Imaging Component.