Microsoft Releases IIS Lockdown Tool
Digg
DZone
Reddit
Slashdot
StumbleUpon
del.icio.us
Facebook
FriendFeed
Furl
by Andy Goodman
Microsoft has finally released a tool that makes it
simple to secure an IIS 4.0 or 5.0 web server. The tool, known as the IIS
Lockdown Tool, allows Web server administrators to quickly put a server into a
secure configuration, something that has been needed for quite some time.
Microsoft has finally released a tool that makes it simple to secure an IIS 4.0 or 5.0 web server. The tool, known as the IIS Lockdown Tool, allows Web server administrators to quickly put a server into a secure configuration.
According to Microsoft, "a web server configured using the Express Lockdown would be
completely protected against Code Red and virtually all known security vulnerabilities affecting IIS 4.0 and 5.0 - even without the patches for these vulnerabilities". Of course, they recommend that all customers, even those
running locked-down servers, continue to stay current on all security patches.
The tool is available for download at: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32362. Trademarks, Copyrights and Brand Names are property of their respective owners
The tool offers two operating modes. The default is
"Express Lockdown", which configures the server in a highly secure
fashion. For those of us who are control freaks, the tool also offers a granular mode
called Advanced Lockdown. An internal help system provides information and recommendations
for selecting the best configuration, and it includes a one-level undo function.
Author and/or Publisher assumes no responsibility, use these suggestions and guidelines at
your own risk
