9. Can IIS security ever be managed effectively?

The no. 9 Ask the Expert question of 2002, based on page views.

I use up-to-date patches and hotfixes and have Norton antivirus software on all my IIS servers. Even with these precautions, security holes constantly pop up. The patches and hotfixes only work sometimes. There has to be a trade-off between the risk of not being up to date versus the possibility that the server may be fried after installing the latest patch/hotfix?

This question posed on 19 June 2002.

There are those who believe Internet Information Server security cannot be managed effectively, and there's little doubt that the task is daunting to even seasoned administrators. Using the IIS Lockdown Tool will help put your servers in a more secure configuration, but some of the steps the tool recommends can't always be implemented in real-world network environments. I tell people to have test servers ready all the time to check out patches and see if they break any functionality. Having these up and running can really help with response time.

Another step to consider is diversifying the server environment. It's often difficult to implement, but the advantages are striking. Nimda took out many companies' entire Web presence, often including intranets. If some systems were running on another platform, they would have survived almost unaffected.

Click here to read more of Scott Blake's answers to security questions or ask him a question.

Editor's Note: For more useful information, check out these technical tips:

  • Seven key IIS security tips
  • IIS 5.0 hotfix checking tool
  • URLScan
