  Microsoft's IIS6 lockdown
Time: 00:00 EST/05:00 GMT | News Source: ZDNet | Posted By: Robert Stein

It must really hurt developers at Microsoft to design IIS6 the way they've been designing it. It's been basic Microsoft philosophy forever to make products as available, as scriptable, and as powerful as possible. Things have changed. After two years of assaults from security consultants and Internet vandals, Microsoft has decided that discretion--when it comes to an Internet service--is the better part of valor. Now they have to sit and think of ways to prevent users from accessing features.

Since so many companies running Windows 2000 and NT4 had unknowingly installed IIS--until they were victimized--Microsoft has wisely seen fit to alter the default configuration for IIS6. After you install Windows .Net Server, IIS6 may or may not even be installed, depending on your license. Once it's installed, it is not automatically enabled. Once enabled, its default configuration is a locked-down state that can't do anything really useful. You must enable the features. Beyond that, there are new filtering features borrowed from firewalls, such as the ability to filter out potential attacking requests before they are processed. All this--in combination with the new Web Server Edition, and if Microsoft's performance claims for IIS6 are true--could make IIS6 very popular in hosting environments and other pure Web applications.

  This is an archived static copy of ActiveWin.com.
#1 By 1989 (24.159.230.34) at Friday, August 30, 2002 01:01:16 AM
I was surprised when I installed .Net server that IIS wasn't
even installed. I was even more surprised when asp.net pages
aren't even enabled by default when you install it.

Definitely a different Microsoft!

#2 By 7754 (216.160.8.41) at Friday, August 30, 2002 11:39:14 AM
Stubear, but I think that it is true that NT Server and 2000 Server do install IIS automatically (NT 4 comes with an earlier version of IIS, but the Option Pack updates it to v4). Even if that wasn't the case, though, you have the OEM installs (Compaq's SmartStart, etc.) that install a whole bunch of stuff that you may not want, including IIS, pager/alert software, management agents, etc. *Hopefully* they won't nullify Microsoft's efforts in .NET Server 2003; hopefully they will include an option to either select what you want at install time, or install just the base and let the user configure from there. From what I've seen in .NET Server RC1, I think the OEMs will follow Microsoft's lead.

FWIW, you can do simple port filtering (TCP, UDP, and IP) on both IIS 4 and 5--it's part of the OS (NT 4 and 2000).

#3 By 135 (209.180.28.6) at Friday, August 30, 2002 11:41:13 AM
baarod - Agreed.

stubear - Hmm... actually I think win2k server installs IIS by default. It's been a few months since I did this, but I remember having to uncheck it on a domain controller install.

.Net server comes with basically the IIS Lockdown wizard already run, and URLScan installed if I understand this correctly. This has been part of my instructions for our XP Developer install in an attempt to lock things down against accidental problems.

Actually I think the article is pretty fair. But then it's written by Seltzer who is one of the better authors at ZDNet.



 
