IIS/PWS and network security concerns

[sweetleaf]

Hi,

At my work we have an NT workstation running pws and a 3 page website.
Theres an MS Access db sitting in a folder in

http://wwwroot

aswell that gets updated when customers on the "outside" world enter our forms over the internet(3 asp pages).

The NT workstation is on the network. About 10 users have odbc connections from their pc's to the access db so they can trouble shoot customer claims.

My bosses are worried cuz of all the bad press IIS/PWS is picking up.. and I want to calm their worries about network secuirty etc...
Aside from downloading the latest security patch and doing regular updates are there other security concerns I should know about and if so how to address them?

Any help is greatly appreciated!
Thanks,

 

[AgentM]

Well, first of all I think it is a good idea not to have your company's stuff in the default web site ie. under

http://wwwroot.

Maybe you can create another folder under Inetpub for the web site.
It is always better to setup the database on another machine.
If installed, then uninstall the samples folder and Mdac, if you don't need them from the IIS box.
To satisfy your bosses, you can always use the services of another company to audit your web site. There are many companies that provide this service at a price.

These are a few things which we follow, others may have a different opinion.