9. Can IIS security ever be managed effectively?

Scott Blake

I use up-to-date patches and hotfixes and have Norton antivirus software on all my IIS servers. Even with these precautions, security holes constantly pop up. The patches and hotfixes only work sometimes. There has to be a trade-off between the risk of not being up to date versus the possibility that the server may be fried after installing the latest patch/hotfix?

This question posed on 19 June 2002

There are those who believe Internet Information Server security cannot be managed effectively, and there's little doubt that the task is daunting to even seasoned administrators. Using the IIS Lockdown Tool will help put your servers in a more secure configuration, but some of the steps the tool recommends can't always be implemented in real-world network environments. I tell people to have test servers ready all the time to check out patches and see if they break any functionality. Having these up and running can really help with response time.

Another step to consider is diversifying the server environment. It's often difficult to implement, but the advantages are striking. Nimda took out many companies' entire Web presence, often including intranets. If some systems were running on another platform, they would have survived almost unaffected.

Editor's Note: For more useful information, check out these technical tips:

  • Seven key IIS security tips
  • IIS 5.0 hotfix checking tool
  • URLScan
