This tip was submitted to the SearchSecurity.com Tip Exchange Contest by user Ross Tsolakidis. Let other users know how useful it is and help Ross win a prize by rating the tip below.
I've seen a lot of people install a Windows 2000 server while the machine is connected to the network (live IP address). What they are unaware of is as soon as the install is completed and the Web server reboots, they are vulnerable to all the exploits that IIS has "out of the box," and that is a LOT.
I've seen Web servers attacked within seconds of going live, i.e., Code Red Worm. You'd be surprised how many people do this!
Here's the way I install a server:
- I make sure the server is unplugged from the network while installing the OS.
- Once the OS install has been completed and the machine reboots, I stop IIS completely via the IIS console.
- Now I plug it into the network.
- Next, I update all the patches and Service Packs.
- I reboot the server, start IIS again and I'm done. If you do what I do, you won't have a
vulnerable Web server live on the Internet while you are patching it.
This was first published in March 2002