9. Can IIS security ever be managed effectively?

The no. 9 Ask the Expert question of 2002, based on page views.

I use up-to-date patches and hotfixes and have Norton antivirus software on all my IIS servers. Even with these precautions, security holes constantly pop up. The patches and hotfixes only work sometimes. There has to be a trade-off between the risk of not being up to date versus the possibility that the server may be fried after installing the latest patch/hotfix?

This question posed on 19 June 2002

There are those who believe Internet Information Server security cannot be managed effectively, and there's little doubt that the task is daunting to even seasoned administrators. Using the IIS Lockdown Tool will help put your servers in a more secure configuration, but some of the steps the tool recommends can't always be implemented in real-world network environments. I tell people to have test servers ready all the time to check out patches and see if they break any functionality. Having these up and running can really help with response time.

Another step to consider is diversifying the server environment. It's often difficult to implement, but the advantages are striking. Nimda took out many companies' entire Web presence, often including intranets. If some systems were running on another platform, they would have survived almost unaffected.

Click here to read more of Scott Blake's answers to security questions or ask him a question.

Editor's Note: For more useful information, check out these technical tips:

  • Seven key IIS security tips
  • IIS 5.0 hotfix checking tool
  • URLScan
