we have a fp web (2k extensions) on a nt 4(6a) box with iis 4... the box is OUTSIDE our firewall... until i can move that behind our firewall (lots of issues), can anyone recommend a kind of basic security review/checklist to make that box not so easy to hack/deface? lucky so far, but i suspect it's a fat, easy target... have very limited nt/iis knowhow, so please speak babytalk? mtia,