IIS/PWM...Issues..?

[powderkeg1]

Hello All,

I'm using IIS/PWM on my Win2kPro machine and would like to get some/any info on security with regard to allowing people to access my demo site through it. I just want to allow some colleagues to view some .asp pages. We're wanting to do this instead of upgrading our hosted server to asp enabled for now. Are there any free sites that allow asp pages..? I'm running ZoneAlarmPro which seemed to block the attacks a while back, but is there any issue I should be aware of other than this. How much does the visitor see of my system..? What kind of restrictions can/should I set before allowing access, if at all..? TIA. Cheers all.

P.S. the main thing I'm worried about, is, no matter how much you think you know/trust someone, there is always the individual who just can't help himself to a snoop.

powderkeg...

 

[pbxman]

If you're running IIS on your local machine, just right-click on My Computer, go to "Manage" then expand "Services and Applications" then "Internet Information Service" then right-click on "Default web site" and go to "Properties".

There has all your configuration settings. For browsing only, set permissions for Read only - and do not use Script (execute) permissions unless you need to. You can also limit the amout of connections to 2 or something lower than 10, and definitely enable logging to Log the visits.

Your firewall should disallow access to outside access, and if you need to - you could enable a login/password for the site - but this is unnecessary in most cases.

It's really easy to host a site on a Win2K Pro machine running IIS, and easy enough to restrict it as well. Check out those properties under your "Default Web Site", and have a go at it. Piece of cake!


Good luck.
Pbxman
Systems Administrator

Please let Tek-Tips members know their posts were helpful.

 

[powderkeg1]

Hello All,

pbxman, thanx for the help. Just curious though, the person who I let inside, what can they access from there. If this person had some snooping knowledge, even amatuer level, what else could he/she get up to..? Once again, sorry for the paranoid type questions, but like to know what I'm getting into fully before proceeding. TIA. Cheers all.

powderkeg...

 

[pbxman]

Since you would (hopefully) be disabling scripts, the only thing they can see is your web site. Note you should stop your default FTP site service, and SMTP service if you have them as a precaution.

Also - make sure you download the critical updates for your computer from MS to prevent propogating virus information. A lot of people run virii that use your website as a place to run mass-mail viruses. Code-Red is a good one.

As long as you enagle logging - and check those out once in a while - you'll see what IP connected to you, and what they tried to run, view, etc - and you'll also see the results of those attempts. There's really nothing that you wont be able to see with logging enabled.

As always - keep a reltime virus scanner running on ANY IIS machine, and keep those virus definitions updated. You'll be fine. All they will see is your default web page, and anything else you place in the

http://wwwroot

directory.

Good to see you're cautious about it - if left administered incorectly, IIS can be a dangerous security risk to any organisation or system. Keeping things locked-down, and monitored will give you full control over what happens.

Good luck with it!
Pbxman
Systems Administrator

Please let Tek-Tips members know their posts were helpful.

 

[powderkeg1]

Monitoring

Active connections: 0
Started at 7:36pm on
13/12/2001
Visitors: 55
Requests: 1230
Bytes served: 2543523
Most concurrent connections: 5

This's weird, as I'm not open for business to my knowledge.

What's going on here. Anyone..? TIA. Cheers all.

P.S. Logging is enabled, but, where do I find it..?

powderkeg...

 

[pbxman]

What are you monitoring there? That cant be IIS..

The logs are saved where you specify when you right-click your Default Web Site when managing your computer.

I believe the default place is \winnt\system32\logfiles

Pbxman
Systems Administrator

Please let Tek-Tips members know their posts were helpful.

 

[powderkeg1]

#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2001-12-14 05:24:16
#Fields: time c-ip cs-method cs-uri-stem sc-status
05:24:16 211.250.17.25 GET /scripts/root.exe 404
05:24:16 211.250.17.25 GET /MSADC/root.exe 404
05:24:17 211.250.17.25 GET /c/winnt/system32/cmd.exe 404
05:24:17 211.250.17.25 GET /d/winnt/system32/cmd.exe 404
05:24:18 211.250.17.25 GET /scripts/..%5c../winnt/system32/cmd.exe 404
05:24:18 211.250.17.25 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
05:24:20 211.250.17.25 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
05:24:20 211.250.17.25 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe 500
05:24:20 211.250.17.25 GET /scripts/..Á../winnt/system32/cmd.exe 500
05:24:20 211.250.17.25 GET /scripts/winnt/system32/cmd.exe 404
05:24:21 211.250.17.25 GET /scripts/../../winnt/system32/cmd.exe 404
05:24:21 211.250.17.25 GET /scripts/..\../winnt/system32/cmd.exe 404
05:24:22 211.250.17.25 GET /scripts/..%5c../winnt/system32/cmd.exe 404
05:24:22 211.250.17.25 GET /scripts/..%5c../winnt/system32/cmd.exe 404
05:24:23 211.250.17.25 GET /scripts/..%5c../winnt/system32/cmd.exe 404
05:24:23 211.250.17.25 GET /scripts/..%2f../winnt/system32/cmd.exe 404
Does this seem right..? When I access my default site through the browser, does it log me too..? TIA. Cheers all.

powderkeg...

 

[powderkeg1]

Hello All,

after sending and looking at the log further, I've come to the conclusion that that is in fact me. Hehe. Sorry. Cheers all.

powderkeg...