Professional Web Applications Themes

Adding ASP.NET to IIS5 security concerns - ASP.NET Security

I would like to install the DOTNET 1.1 FRMWRK on a production machine (IIS5 Win2k). It runs ASP and it's locked down with the IIS 2.1 LockDown Tool and a bunch of few other tweaks. The intent is to start porting old ASP scripts to ASPX. No web services intended. By simply installing the framework and not running any ASPX scripts is the machine still secure? Do I have to take any further steps to lock down the server? Can anyone point me to a Securing IIS5 and .NET guide or whitepapers? Or if you can briefly advise me on ...

  1. #1

    Default Adding ASP.NET to IIS5 security concerns

    I would like to install the DOTNET 1.1 FRMWRK on a production machine (IIS5
    Win2k). It runs ASP and it's locked down with the IIS 2.1 LockDown Tool and
    a bunch of few other tweaks. The intent is to start porting old ASP scripts
    to ASPX. No web services intended.

    By simply installing the framework and not running any ASPX scripts is the
    machine still secure? Do I have to take any further steps to lock down the
    server?


    Can anyone point me to a Securing IIS5 and .NET guide or whitepapers?
    Or if you can briefly advise me on the steps it would be great.


    Thanks,
    Dimitrie

    Dimitrie Guest

  2. #2

    Default Re: Adding ASP.NET to IIS5 security concerns

    Johan,

    Thanks for your help.

    The question I can't get an anser is:
    By it's default instalation, is the DOTNET Framework secure for serving
    anonymous pages? It seems that a lot of people here are running ASP.NET but
    I'm not sure how they've locked their server.

    I assume that the official answer is yes but I would like to get help from
    real life.

    I'm thinking about some sort of RD access enabled by default. Or a web based
    admin page that gets installed somewhere in my root. Or a similar problem
    like the "view source" sample page installed by IIS4 in default mode. Do I
    have to reaply the IIS lockdown tool after I install the framework?

    I need some sort of 1,2,3 steps or if someone can share his experience in a
    similar situation. I do not want to install the SDK just the Framework.

    Thanks,
    Dimitrie

    Dimitrie Guest

Similar Threads

  1. Adding Windows Security to ascx
    By Arco in forum ASP.NET Building Controls
    Replies: 1
    Last Post: October 24th, 06:09 PM
  2. Web Photo Gallery not adding Security text over JPEGs
    By Jay Newman in forum Adobe Photoshop Elements
    Replies: 6
    Last Post: September 15th, 05:30 PM
  3. Directory Security via ASP / Or Adding user to Win2000 users
    By Richard Morey in forum ASP Database
    Replies: 9
    Last Post: August 22nd, 08:35 PM
  4. Database security concerns
    By FrankM in forum ASP Database
    Replies: 4
    Last Post: August 7th, 01:37 PM
  5. Replies: 0
    Last Post: July 11th, 10:36 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139