Adding ASP.NET to IIS5 security concerns


  1. #1

    Adding ASP.NET to IIS5 security concerns

    I would like to install the DOTNET 1.1 FRMWRK on a production machine (IIS5
    Win2k). It runs ASP and it's locked down with the IIS 2.1 LockDown Tool and
    a bunch of other tweaks. The intent is to start porting old ASP scripts
    to ASPX. No web services intended.

    By simply installing the framework and not running any ASPX scripts, is the
    machine still secure? Do I have to take any further steps to lock down the
    server?


    Can anyone point me to a Securing IIS5 and .NET guide or whitepapers?
    Or if you can briefly advise me on the steps it would be great.


    Thanks,
    Dimitrie

    Dimitrie Guest

  3. #2

    Re: Adding ASP.NET to IIS5 security concerns

    Johan,

    Thanks for your help.

    The question I can't get an answer to is:
    By its default installation, is the DOTNET Framework secure for serving
    anonymous pages? It seems that a lot of people here are running ASP.NET but
    I'm not sure how they've locked their server.

    I assume that the official answer is yes but I would like to get help from
    real life.

    I'm thinking about some sort of RD access enabled by default. Or a web based
    admin page that gets installed somewhere in my root. Or a similar problem
    like the "view source" sample page installed by IIS4 in default mode. Do I
    have to reapply the IIS lockdown tool after I install the framework?

    I need some sort of 1,2,3 steps, or if someone can share his experience in a
    similar situation. I do not want to install the SDK, just the Framework.

    Thanks,
    Dimitrie

    Dimitrie Guest
