Re: Auditing microsoft IIS 5/6.0

From: Nikhil Wagholikar (visitnikhil@gmail.com)
Date: Tue Aug 28 2007 - 23:32:43 EDT


Hello Nikolaj,

Following are a few things that need to be checked when auditing
Microsoft IIS 5.0/6.0:

1. Use of NTFS file-system.
2. Review IIS and related Directory Permissions - By default Microsoft
OS gives Everyone full control.
3. Review access control for the 'IUSR_computername' account.
4. NTFS permissions on network connected drives (if any).
5. Users in Administrator's group. Review important and critical
accounts regularly. Delete unused accounts immediately.
6. Review whether the correct set of auditing and logging is enabled.
7. Assign the least level of permissions to browse the Internet.
8. Back up critical files/folders/registry settings regularly.
9. Review security checks on the base OS for viruses, Trojans etc. regularly.
10. Use the most secure form of authentication possible.
11. Check for physical security of the Web server, like logical
access, biometric authentication etc.
12. Review password protection of screen saver. Define appropriate lockout time.
13. Check whether all the logs are reviewed regularly, preferably with
powerful log analyzers like Microsoft Log Parser (or any other
suitable tool).

For more information about auditing IIS, kindly refer to:

1. IIS 5.0 Checklist:
http://www.google.co.in/url?sa=t&ct=res&cd=1&url=http%3A%2F%2Fskrasavi.ds.uiuc.edu%2FInfo%2FIIS%25205.0%2520checklist.pdf&ei=z-TURrkeorizAtqY0ZMM&usg=AFQjCNF55KdOvcxWaEJ9gB4fhGy2lrmCrQ&sig2=e14zk0XWUErdtzT1WzdLFw
2. IIS Security Checklist:
http://www.google.co.in/url?sa=t&ct=res&cd=3&url=http%3A%2F%2Fwww.microsoft.com%2Fwindows%2Fwindows2000%2Fen%2Fserver%2Fiis%2Fhtm%2Fcore%2Fiisckl.htm&ei=z-TURrkeorizAtqY0ZMM&usg=AFQjCNFhUW9s2QxMNW4w5OD4QcdhNf5_AQ&sig2=SSKRAn-rqCasUTCfZQLaWA
3. IIS Security Checklist:
http://www.google.co.in/url?sa=t&ct=res&cd=5&url=http%3A%2F%2Fwww.washington.edu%2Fcomputing%2Fsupport%2Fwindows%2FUWdomains%2FIISsecchecklist.html&ei=z-TURrkeorizAtqY0ZMM&usg=AFQjCNFn4znBB2z-6sRYuYqsXTzTl_QUeg&sig2=mreulkLwaKDCdLN5h9mF3g
4. Checklist Securing Web Server:
http://www.google.co.in/url?sa=t&ct=res&cd=7&url=http%3A%2F%2Fmsdn2.microsoft.com%2Fen-us%2Flibrary%2Faa302351.aspx&ei=z-TURrkeorizAtqY0ZMM&usg=AFQjCNEypyGH2h70wOuvvv1Ibe5mPbo1rQ&sig2=OJKBmeTS_MUB2chHwFvC7A

----
Nikhil Wagholikar
Information Security Analyst
NII Consulting
Web: http://www.niiconsulting.com

On 8/28/07, Nikolaj <lorddoskias@gmail.com> wrote:
> What do you think should be checked when auditing MS IIS 5/6.0
> installation? Any tips would be helpful.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>
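
Items 2 and 3 of the checklist above (directory permissions, and access granted to Everyone and the 'IUSR_computername' account) can be checked with a script. The following is an added example, not part of the original message; it assumes the web content lives under C:\Inetpub\wwwroot and that the anonymous account is named IUSR_ followed by the computer name.

```powershell
# Added example: list directories under the IIS content root where Everyone or
# the anonymous IUSR account is allowed to change content, ACLs or ownership.
param(
    [string]$Root = 'C:\Inetpub\wwwroot'   # assumption: default IIS content root
)

# Specific rights that permit modification, plus the GENERIC_WRITE (0x40000000)
# and GENERIC_ALL (0x10000000) bits that can appear on inherit-only entries.
$Risky = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$Risky = $Risky -bor 0x40000000 -bor 0x10000000

# Resolve "Everyone" from its well-known SID so the check works on localized systems.
$EveryoneSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$Everyone    = $EveryoneSid.Translate([System.Security.Principal.NTAccount]).Value
$Iusr        = "IUSR_$env:COMPUTERNAME"   # assumption: default anonymous account name

# The root itself plus every subdirectory beneath it.
$dirs = @(Get-Item -Path $Root) +
        @(Get-ChildItem -Path $Root -Recurse | Where-Object { $_.PSIsContainer })

$findings = foreach ($dir in $dirs) {
    foreach ($ace in (Get-Acl -Path $dir.FullName).Access) {
        $who      = $ace.IdentityReference.Value
        $isTarget = ($who -eq $Everyone) -or ($who -eq $Iusr) -or ($who -like "*\$Iusr")
        $isAllow  = $ace.AccessControlType -eq 'Allow'
        $canWrite = ([int]$ace.FileSystemRights -band $Risky) -ne 0

        if ($isTarget -and $isAllow -and $canWrite) {
            New-Object PSObject -Property @{
                Path      = $dir.FullName
                Identity  = $who
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if ($findings) {
    $findings | Select-Object Path, Identity, Rights, Inherited | Format-Table -AutoSize
} else {
    "No write-capable Allow entries for $Everyone or $Iusr under $Root"
}
```

Entries reported with Inherited set to True come from a parent directory, so the fix belongs on the parent's ACL rather than on each child.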


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:04 EDT