Security Holes on IIS

Andrew Mutch amutch at waterford.lib.mi.us
Mon May 21 15:47:19 EDT 2001


If you are an administrator of a Microsoft NT 4 box running IIS 4.0, I highly
recommend that at the minimum, you should be aware of the following resources:

1) The Microsoft Security site with information on the latest patches for IIS
here:

http://www.microsoft.com/technet/security/

If you have not been keeping up with the security patches that have been
released for IIS, you are in luck as Microsoft has released a comprehensive
patch for IIS to address almost all of the patches released since SP5.

http://www.microsoft.com/technet/security/bulletin/MS01-026.asp

2) Microsoft makes it easy for you so that you can receive Security bulletins
automatically as soon as they are released:

http://www.microsoft.com/technet/security/notify.asp

3) You should read this security checklist for IIS 4.0 to help you eliminate
other security vulnerabilities.

http://www.microsoft.com/technet/security/iischk.asp

While none of this will guarantee that you won't be attacked, hacked or
otherwise compromised, it will at least save one the embarrassment of trying to
explain to the Boss why the server was hacked through a hole that has been
public knowledge for a number of months.  It has been our experience from
checking our server logs and dealing with some minor hacks that if your server
is accessible to the public, you can expect it to be under continuous attack
from various hacking-types around the world.  Most of them don't seem to know
what they are doing but don't make it easy for them.

Andrew Mutch
Library Systems Technician
Waterford Township Public Library
Waterford, MI

Margaret Escherich wrote:

> Ugh, just discovered we have gotten this, too....
>
>  Margaret Escherich
>  Senior Librarian/Webmistress
>  Oakland Public Library
>  http://oaklandlibrary.org
>



More information about the Web4lib mailing list