Running the IIS Lockdown Tool
Given all the options that exist for configuring IIS, it can be hard to determine which are required for your particular needs and which are optional and should be disabled. Fortunately, Microsoft has created a wizard that walks you through the process of determining which features you need, disabling the features you don't need, and tightening security as far as is practical. You can read about the wizard (called both the Internet Information Services Lockdown Wizard and the IIS Lockdown tool) at http://www.microsoft.com/technet/security/tools/tools/locktool.asp, and you can download it from http://www.microsoft.com/Downloads/Release.asp?ReleaseID=33961.
To use the Internet Information Services Lockdown Wizard, follow these steps:
1. Run the executable file, Iislockd.exe, from the folder where you downloaded it.
2. Click Next on the introduction and license agreement pages. The Select Server Template page appears.
3. Select the template that most closely matches your use of IIS and then click Next.
4. Select Install URLScan Filter On The Server and click Next. The URLScan feature protects the server from future URL-related exploits that might be uncovered. The Ready To Apply Settings page appears.
5. Click Next, and the wizard applies appropriate settings, disables unneeded services, and so on. Click Next and then click Finish to close the wizard.
A concise report of the actions taken by the wizard is saved as %SystemRoot%\System32\Inetsrv\Oblt-rep.log. A more detailed log file is saved in the same folder as Oblt-log.log.
CAUTION
--------------------------------------------------------------------------------
Do not delete the log files. The Internet Information Services Lockdown Wizard uses the Oblt-log.log file to undo its changes if that becomes necessary.
If you have problems accessing IIS after running the wizard, you can undo the changes it made. Just run the wizard again, and it offers to reverse all its modifications, as shown in Figure 17-11, giving you the opportunity to lock down IIS with a different set of options. This behavior is useful because you can select or clear specific options and see whether they are the source of the problem you are experiencing.
Figure 17-11. If something doesn't work right after you run the Internet Information Services Lockdown Wizard, you can undo its changes.