run testing web server safely??

Discussion in 'ASP General' started by btopenworld, Apr 20, 2005.

  1. btopenworld

    btopenworld Guest

    A couple of years ago, I had a mild hack of the default windows web page in
    inetpub because I was running IIS whilst my DSL connection was on. Ever
    since, I have disconnected the DSL before running IIS.

    Could anyone give me advice on running IIS safely as a local testing server
    (for asp pages) whilst online?

    I have to admit that I run an admin account (win2000) so I know this is one
    thing I should change.

    TIA

    John
    btopenworld, Apr 20, 2005
    #1
    1. Advertising

  2. btopenworld

    Jeff Cochran Guest

    On Wed, 20 Apr 2005 09:25:01 +0000 (UTC), "btopenworld"
    <> wrote:

    >A couple of years ago, I had a mild hack of the default windows web page in
    >inetpub because I was running IIS whilst my DSL connection was on. Ever
    >since, I have disconnected the DSL before running IIS.
    >
    >Could anyone give me advice on running IIS safely as a local testing server
    >(for asp pages) whilst online?


    You could set IIS to answer on only 127.0.0.1 and use a hosts file if
    you need name resolution to that. That address won't answer off your
    local system. Check the IIS group for a lot more security
    possibilities, as well as:

    Security Checklists:
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/Default.asp

    From Blueprint to Fortress: A Guide to Securing IIS 5.0:
    http://www.microsoft.com/technet/prodtechnol/iis/iis5/deploy/depovg/securiis.asp

    Jeff
    Jeff Cochran, Apr 20, 2005
    #2
    1. Advertising

  3. btopenworld

    Mark Schupp Guest

    Do you have a firewall? If not, get one (if you are using a router behind
    your DSL modem you probably have one). Set the firewall to block all
    incoming requests (you're at risk for more than just tampering through your
    web-server).

    After that is set up run a full virus scan. Then get a couple of spyware
    removal tools and run them as well (I like SpyBot SD). You might also want
    to pick up a software firewall product like Norton Personal Firewall. Its a
    bit pricey and can be quite intrusive but it will tell you when programs try
    to access the internet (helps detect spyware).

    --
    --Mark Schupp
    Head of Development
    Integrity eLearning
    www.ielearning.com


    "btopenworld" <> wrote in message
    news:d4575d$h72$-infra.bt.com...
    >A couple of years ago, I had a mild hack of the default windows web page in
    > inetpub because I was running IIS whilst my DSL connection was on. Ever
    > since, I have disconnected the DSL before running IIS.
    >
    > Could anyone give me advice on running IIS safely as a local testing
    > server
    > (for asp pages) whilst online?
    >
    > I have to admit that I run an admin account (win2000) so I know this is
    > one
    > thing I should change.
    >
    > TIA
    >
    > John
    >
    >
    >
    >
    Mark Schupp, Apr 20, 2005
    #3
  4. btopenworld

    btopenworld Guest

    Thanks Mark

    I do run a software firewall (Zonealarm) and following your suggestion I
    have now used this to block internet traffic to the server.
    ( I do use adaware and spybot and have good antivirus)

    Thanks again for your suggestions.

    John B




    "Mark Schupp" <> wrote in message
    news:#...
    > Do you have a firewall? If not, get one (if you are using a router behind
    > your DSL modem you probably have one). Set the firewall to block all
    > incoming requests (you're at risk for more than just tampering through

    your
    > web-server).
    >
    > After that is set up run a full virus scan. Then get a couple of spyware
    > removal tools and run them as well (I like SpyBot SD). You might also want
    > to pick up a software firewall product like Norton Personal Firewall. Its

    a
    > bit pricey and can be quite intrusive but it will tell you when programs

    try
    > to access the internet (helps detect spyware).
    >
    > --
    > --Mark Schupp
    > Head of Development
    > Integrity eLearning
    > www.ielearning.com
    >
    >
    > "btopenworld" <> wrote in message
    > news:d4575d$h72$-infra.bt.com...
    > >A couple of years ago, I had a mild hack of the default windows web page

    in
    > > inetpub because I was running IIS whilst my DSL connection was on. Ever
    > > since, I have disconnected the DSL before running IIS.
    > >
    > > Could anyone give me advice on running IIS safely as a local testing
    > > server
    > > (for asp pages) whilst online?
    > >
    > > I have to admit that I run an admin account (win2000) so I know this is
    > > one
    > > thing I should change.
    > >
    > > TIA
    > >
    > > John
    > >
    > >
    > >
    > >

    >
    >
    btopenworld, Apr 20, 2005
    #4
  5. btopenworld

    btopenworld Guest

    Thanks Jeff - your suggestion made me look at the options in Zonealarm
    (firewall) - from there I can block internet traffic but leave local
    traffic working - does that sound like a secure solution.

    Thanks again.

    John


    "Jeff Cochran" <> wrote in message
    news:...
    > On Wed, 20 Apr 2005 09:25:01 +0000 (UTC), "btopenworld"
    > <> wrote:
    >
    > >A couple of years ago, I had a mild hack of the default windows web page

    in
    > >inetpub because I was running IIS whilst my DSL connection was on. Ever
    > >since, I have disconnected the DSL before running IIS.
    > >
    > >Could anyone give me advice on running IIS safely as a local testing

    server
    > >(for asp pages) whilst online?

    >
    > You could set IIS to answer on only 127.0.0.1 and use a hosts file if
    > you need name resolution to that. That address won't answer off your
    > local system. Check the IIS group for a lot more security
    > possibilities, as well as:
    >
    > Security Checklists:
    >

    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
    Default.asp
    >
    > From Blueprint to Fortress: A Guide to Securing IIS 5.0:
    >

    http://www.microsoft.com/technet/prodtechnol/iis/iis5/deploy/depovg/securiis
    ..asp
    >
    > Jeff
    btopenworld, Apr 20, 2005
    #5
  6. btopenworld

    Jeff Cochran Guest

    On Wed, 20 Apr 2005 16:12:21 +0000 (UTC), "btopenworld"
    <> wrote:

    >Thanks Jeff - your suggestion made me look at the options in Zonealarm
    >(firewall) - from there I can block internet traffic but leave local
    >traffic working - does that sound like a secure solution.


    Sure. Whatever works in your setup. Secure your system properly,
    lock the IIS to responding only on an inside or localhost IP and block
    port 80 inbound in your firewall.

    Jeff


    >Thanks again.
    >
    >John
    >
    >
    >"Jeff Cochran" <> wrote in message
    >news:...
    >> On Wed, 20 Apr 2005 09:25:01 +0000 (UTC), "btopenworld"
    >> <> wrote:
    >>
    >> >A couple of years ago, I had a mild hack of the default windows web page

    >in
    >> >inetpub because I was running IIS whilst my DSL connection was on. Ever
    >> >since, I have disconnected the DSL before running IIS.
    >> >
    >> >Could anyone give me advice on running IIS safely as a local testing

    >server
    >> >(for asp pages) whilst online?

    >>
    >> You could set IIS to answer on only 127.0.0.1 and use a hosts file if
    >> you need name resolution to that. That address won't answer off your
    >> local system. Check the IIS group for a lot more security
    >> possibilities, as well as:
    >>
    >> Security Checklists:
    >>

    >http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
    >Default.asp
    >>
    >> From Blueprint to Fortress: A Guide to Securing IIS 5.0:
    >>

    >http://www.microsoft.com/technet/prodtechnol/iis/iis5/deploy/depovg/securiis
    >.asp
    >>
    >> Jeff

    >
    Jeff Cochran, Apr 20, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. benn
    Replies:
    2
    Views:
    586
  2. DDK
    Replies:
    2
    Views:
    690
    Rick Spiewak
    May 26, 2004
  3. =?Utf-8?B?TmVvIFRoZSBPbmU=?=

    Can I safely delete Temporary ASP.NET Files?

    =?Utf-8?B?TmVvIFRoZSBPbmU=?=, Oct 15, 2004, in forum: ASP .Net
    Replies:
    7
    Views:
    48,027
    Nora.brown
    Apr 3, 2010
  4. yao

    how to connect web service by winform safely?

    yao, Nov 22, 2006, in forum: ASP .Net Web Services
    Replies:
    1
    Views:
    432
    Dhanraj K.S
    Dec 29, 2006
  5. Vince C.
    Replies:
    2
    Views:
    187
    Vince C.
    Dec 3, 2003
Loading...

Share This Page