|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
IIS Security Risks & VulnerabilitiesI am trying to get IIS installed on my PC within a fully developed network (e.g. DMZ, Firewalls, Network Servers, & Security). According to the network team, IIS poses too much of a threat to be installed on a user PC within the network. Can you please assist me with determining the risks and vulnerabilities of installing IIS on a user PC within the developed network and if they can be mitigated or blocked so that they will not be a problem? What are the other options available to develop web pages on my PC? Personal Web Server? Another product? I also need to provide justification as to why I need IIS. This is what I said: When developing ASP pages or many of the other languages, the web server software (IIS) is required to interpret the language and provide the final product being developed. If you can think of anything that adds more teeth to this, I welcome it! Thank you Roger A. Cox E-mail: Roger.***@hoffman.army.mil "There's no place like 127.0.0.1"! Sounds to me like your network team have already decided, and in my
experience so far it tends to be hard to convince them once their minds are made up, but your most compelling reason is that you need it to create and test ASP pages as part of your job. The risks they're thinking of are probably old threats such as Code Red and Nimda, which a properly patched machine would shrug off fairly easily, and they're probably also thinking from a manageability standpoint that if users are running all manner of services on their PCs it'll be more difficult to track possible threats. Question is though, do you need it on your PC? It's not allowed on user PC's, fair enough, but can it be put onto a Windows Server, managed by the IT guys? I'd probably find that preferable -- Show quoteHide quoteJason Brown Microsoft GTSC, IIS This posting is provided "AS IS" with no warranties, and confers no rights. "Roger Cox" <Roger C**@discussions.microsoft.com> wrote in message news:CD6BFD6D-9998-42D0-A3D7-BD28B6A44B3E@microsoft.com... >I am a web developer needing IIS to develop web pages on my PC. > > I am trying to get IIS installed on my PC within a fully developed network > (e.g. DMZ, Firewalls, Network Servers, & Security). > > According to the network team, IIS poses too much of a threat to be > installed on a user PC within the network. > > Can you please assist me with determining the risks and vulnerabilities of > installing IIS on a user PC within the developed network and if they can > be > mitigated or blocked so that they will not be a problem? > > What are the other options available to develop web pages on my PC? > Personal > Web Server? Another product? > > I also need to provide justification as to why I need IIS. This is what I > said: > When developing ASP pages or many of the other languages, the web server > software (IIS) is required to interpret the language and provide the final > product being developed. > > If you can think of anything that adds more teeth to this, I welcome it! > > Thank you > Roger A. Cox > > E-mail: Roger.***@hoffman.army.mil > > "There's no place like 127.0.0.1"! 
Other interesting topics
Change in ASP.Net authentication between Win2000 and Win2003
Firewall and Win 2K OWA Exploit RE: How to create a client side certificate on a Windows 2000 Serv Re: IIS metabase permissions when creating new VirDir's Integrated Windows Authentication Error, Login security issue. Client Certificate accessability |
|||||||||||||||||||||||
