run testing web server safely??

B

btopenworld

A couple of years ago, I had a mild hack of the default windows web page in
inetpub because I was running IIS whilst my DSL connection was on. Ever
since, I have disconnected the DSL before running IIS.

Could anyone give me advice on running IIS safely as a local testing server
(for asp pages) whilst online?

I have to admit that I run an admin account (win2000) so I know this is one
thing I should change.

TIA

John
 
J

Jeff Cochran

A couple of years ago, I had a mild hack of the default windows web page in
inetpub because I was running IIS whilst my DSL connection was on. Ever
since, I have disconnected the DSL before running IIS.

Could anyone give me advice on running IIS safely as a local testing server
(for asp pages) whilst online?
Click to expand...

You could set IIS to answer on only 127.0.0.1 and use a hosts file if
you need name resolution to that. That address won't answer off your
local system. Check the IIS group for a lot more security
possibilities, as well as:

Security Checklists:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/Default.asp

From Blueprint to Fortress: A Guide to Securing IIS 5.0:
http://www.microsoft.com/technet/prodtechnol/iis/iis5/deploy/depovg/securiis.asp

Jeff
 
M

Mark Schupp

Do you have a firewall? If not, get one (if you are using a router behind
your DSL modem you probably have one). Set the firewall to block all
incoming requests (you're at risk for more than just tampering through your
web-server).

After that is set up run a full virus scan. Then get a couple of spyware
removal tools and run them as well (I like SpyBot SD). You might also want
to pick up a software firewall product like Norton Personal Firewall. Its a
bit pricey and can be quite intrusive but it will tell you when programs try
to access the internet (helps detect spyware).
 
B

btopenworld

Thanks Mark

I do run a software firewall (Zonealarm) and following your suggestion I
have now used this to block internet traffic to the server.
( I do use adaware and spybot and have good antivirus)

Thanks again for your suggestions.

John B
 
B

btopenworld

Thanks Jeff - your suggestion made me look at the options in Zonealarm
(firewall) - from there I can block internet traffic but leave local
traffic working - does that sound like a secure solution.

Thanks again.

John
 
J

Jeff Cochran

Thanks Jeff - your suggestion made me look at the options in Zonealarm
(firewall) - from there I can block internet traffic but leave local
traffic working - does that sound like a secure solution.
Click to expand...

Sure. Whatever works in your setup. Secure your system properly,
lock the IIS to responding only on an inside or localhost IP and block
port 80 inbound in your firewall.

Jeff
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to ssh to a server via web browser to run a command? 2
Testing web app on a server? 1
Application pooling / server not responding 0
Strategies for unit testing an HTTP server. 0
[2.4.3/Newbie] Web script doesn't run 7
Testing web services 0
Duplicate web site for testing 7
Server move 0

Members online

Total: 28 (members: 1, guests: 27)
Robots: 226

Forum statistics

Threads
473,755
Messages
2,569,537
Members
45,023
Latest member
websitedesig25

Latest Threads

Top