IIS Security

Tuesday, September 25, 2001

Using Windows, and you're connected to the Web? You are likely an unwitting contributor to the mess of worms creating havoc on the net these days. You need to:

  1. Put up a firewall
  2. Fix your broken Windows
  3. Turn off Windows networking on the Internet

Skeptical? See how wide-open your computer is to the world at Shields UP!

Put up a firewall

Are you just an Internet user, just browsing the internet and using email? You have no need to have your computer visible on the net at all! You really need to download ZoneAlarm right now, and install it on your computer. This is the best firewall for your computer, and it's free!

Fix your broken Windows

Visit windowsupdate.microsoft.com to fixup your copy of Windows today! I also keep an up-to-date CD made of all these updates; contact me if you want one to save yourself download time.

Turn off Windows networking on the Internet

Your firewall will take care of this, but if you'd like double insurance, or you are running a web server, you need to know this. This is a little more technical, but it's not hard.

The main loophole with Windows is that it treats the Internet like any old local network, and actively advertises what it has available to share. This is accomplished with NetBIOS, which you need to turn off.

To turn off NetBIOS, follow these instructions. Note: this could disable your local network, too, unless you have multiple network cards in your computer.

This will not affect any local network you have running, if you do it right (i.e. you configure only the Internet adapter).

I use Windows and I use IIS, because that's what I've learned and make money at. I've tried several times to setup a Linux / Apache solution, but it's really hard to use to somebody used to IIS. I think the main reason Windows / IIS webservers are so popular is because they are so easy! I'm not defending their weak security, I'm arguing for much greater ease-of-use in the competition.

By the way, if you know of an alternative to IIS + ASP + SQL Server + Exchange + FileSystemObject, I'm all ears! But, it has to do all those things, not just a couple.

0 Comments


Comments are closed for this article.