The online FAQ database contains hundreds of answers to frequently asked questions, articles on using our
web server applications and other related technologies, and resolutions to common problems. If you are seeing
an error message, be sure to try searching on the error message or error number that you are seeing.
How can I make sure my web server is secure from the Code Red virus, hackers or who knows what else?
One of the most important things to realize about system security is that it is a moving target and requires ongoing maintenance. That is why it is important to stay aware of current security issues related to your server(s), so that you can keep them secured today and, more importantly, into the future. If you will not be able to manage a server on your own, or do not have the time or expertise to do so, you might want to consider using a server that is managed by your host, so that someone will be responsible for ongoing system and security maintenance. There are a number of ways you can do this yourself, and even though it may be a little time-consuming to keep up, it is quite simple to stay informed of security issues related to Windows Server and many other platforms.
A common phrase when looking for information is to "go to the source". So, when looking at securing Windows NT and Windows 2000, your first stop should be http://www.microsoft.com/security/. Starting here on the Microsoft site, you can find quite a number of resources on security for all Microsoft products.
Service Packs for the operating system (and any server applications running on your server) should be the quickest and easiest way to stay reasonably up to date. A Service Pack will patch any known bugs and security holes in the operating system or the IIS server itself. Service Packs, while usually widely publicized, are not released often enough to fix serious problems that are discovered between releases. To deal with that, Microsoft releases an update called a Hotfix to address important issues discovered in the time between Service Pack releases. Hotfixes are generally released to address an individual problem or issue, so there can be a number of hotfixes available at any one time. To stay informed of hotfixes that may apply to your server, you will need to either visit the Microsoft web site regularly or subscribe to the Microsoft security mailing list. The mailing list sends out security alerts for issues as soon as a patch or fix is known.
Microsoft also makes available some white papers and software tools you can use to increase your server security. White papers can provide technical information or recommended configurations for increasing server security. Be sure to download the proper versions of tools, hotfixes, or Service Packs for your server: Windows NT 4.0 running Option Pack 1 would use IIS version 4.0, while Windows 2000 ships with IIS version 5.0.
Other excellent sources of information on security issues can be found all over the Internet. Below is a list of some of the resources we can recommend.
The SANS Security Alert Consensus Newsletter
An email newsletter with details about security issues for a variety of applications and operating systems.
http://www.sans.org/sansnews/
SANS Institute
Provides a number of courses and materials for understanding network security issues.
http://www.sans.org/
Windows 2000 Magazine Security Administrator
Excellent security publication with a free alert mailing list.
http://www.secadministrator.com/
Microsoft URLScan Utility
An IIS filter that screens requests before they reach the IIS server, and can block and log invalid requests.
http://www.microsoft.com/technet/security/urlscan.asp
Counterpane Internet Security
Great site for information and services on security and encryption.
http://www.counterpane.com/
NT Bugtraq
Superb mailing list for Windows NT and Windows 2000-related bugs.
http://www.ntbugtraq.com
CERT
Manages and reports on security incidents and provides a variety of information on security-related issues.
http://www.cert.org
Internet Security Systems
The Internet Security Systems Web site is a source of links to FAQs, mailing lists, newsgroups, and other security-related resources.
http://www.iss.net
W3C Security Pages
The World Wide Web Consortium's (W3C) pages on security issues and technologies. The site is also a good portal to other security-related sites.
http://www.w3.org/Security/
NTSecurity.com
Security portal site for security-related products, issues and sites for Windows NT and Windows 2000.
http://www.ntsecurity.com/