Hi all,

        I have IIS 5.1 and dotnet 2003. I want to provide 100% secutity to
IIS. It should not affect by hackers.
        How can I do this?
        Are there any articles on this?

       Please suggest me. I am new to IIS.

      Thanks in advance.

Hi

I don't think it's possible to provide 100% security to your applications.
However, the more knowledge you have, the more you can achieve.

Here's a URL containing a good deal of resources for securing your apps from
a developer point of view:
http://www.microsoft.com/uk/msdn/security/resource_types.aspx?s=patterns+and+practices\Application+Blocks

Here's the TechNet security page, also containing resources:

http://www.microsoft.com/uk/technet/security/default.mspx

It contains guidance for locking down Windows as well as IIS. Also look at
the tools for checking security configuration (MBSA etc.).

It would be good to look at a holistic approach to security - look further
than just the technical side:
http://download.microsoft.com/documents/uk/msdn/devdave/Patterns_and_Practices_Security_Guidance.doc

the last article has useful resources on Security Engineering and Threat
Modelling.

Hope this is a good start. I'm sure other contributors will have a lot of
recommendations.

Cheers




Show quoteHide quote

Digitally sign files from within a web application
Storing a private key
SIMple SSL question ??
how to grant the application the required permission?
PGP - recommendations
Use of Unrestricted flag ???
Authentication method ??
Client Certifcate Info in Web Service
Problem authenticating against renamed Active Directory account
Signing trouble ??