Whatever This Is I Am Not Sure.

Setting Up Security on IIS

* Best place to start is by researching security vulnerabilities

* Microsoft individual security releases and cumulative security fixes – join their listserv to be alerted

* NT BugTraq also a good source for notifications

* Windows Update tool files/critical updates

* Office Update tool should also be used if running Office products as they may provide holes for attacks

* Gartner Group has taken unusual step of recommending dropping IIS due to difficultly keeping it secure

Setting Up Security on IIS

* Best place to start is by researching security vulnerabilities

* Microsoft individual security releases and cumulative security fixes – join their listserv to be alerted

* NT BugTraq also a good source for notifications

* Windows Update tool files/critical updates

* Office Update tool should also be used if running Office products as they may provide holes for attacks

* Gartner Group has taken unusual step of recommending dropping IIS due to difficultly keeping it secure

Multiple Security Layers

* Idea behind multiple layers is to slow crackers down and detect intrusions before systems are compromised

* Defense in depth

* Includes but is not limited to commercial firewall, intrusion detection, operating system hardening, and software firewall

Multiple Security Layers

* Idea behind multiple layers is to slow crackers down and detect intrusions before systems are compromised

* Defense in depth

* Includes but is not limited to commercial firewall, intrusion detection, operating system hardening, and software firewall

Multiple Security Layers

First Layer

* DMZ (demilitarized zone) – network segment isolated from rest of network by two or more firewalls, preferably from different vendors

* Firewall uses rules to control inbound/outbound traffic – check for patches/updates

* Generally use firewall to limit inbound traffic to ports 80...