473,584 Members | 2,873 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

run testing web server safely??

A couple of years ago, I had a mild hack of the default windows web page in
inetpub because I was running IIS whilst my DSL connection was on. Ever
since, I have disconnected the DSL before running IIS.

Could anyone give me advice on running IIS safely as a local testing server
(for asp pages) whilst online?

I have to admit that I run an admin account (win2000) so I know this is one
thing I should change.

TIA

John


Jul 22 '05 #1
5 1520
On Wed, 20 Apr 2005 09:25:01 +0000 (UTC), "btopenworl d"
<jo**@siteweave .net> wrote:
A couple of years ago, I had a mild hack of the default windows web page in
inetpub because I was running IIS whilst my DSL connection was on. Ever
since, I have disconnected the DSL before running IIS.

Could anyone give me advice on running IIS safely as a local testing server
(for asp pages) whilst online?


You could set IIS to answer on only 127.0.0.1 and use a hosts file if
you need name resolution to that. That address won't answer off your
local system. Check the IIS group for a lot more security
possibilities, as well as:

Security Checklists:
http://www.microsoft.com/technet/tre...ty/Default.asp

From Blueprint to Fortress: A Guide to Securing IIS 5.0:
http://www.microsoft.com/technet/pro...g/securiis.asp

Jeff
Jul 22 '05 #2
Do you have a firewall? If not, get one (if you are using a router behind
your DSL modem you probably have one). Set the firewall to block all
incoming requests (you're at risk for more than just tampering through your
web-server).

After that is set up run a full virus scan. Then get a couple of spyware
removal tools and run them as well (I like SpyBot SD). You might also want
to pick up a software firewall product like Norton Personal Firewall. Its a
bit pricey and can be quite intrusive but it will tell you when programs try
to access the internet (helps detect spyware).

--
--Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"btopenworl d" <jo**@siteweave .net> wrote in message
news:d4******** **@nwrdmz03.dmz .ncs.ea.ibs-infra.bt.com...
A couple of years ago, I had a mild hack of the default windows web page in
inetpub because I was running IIS whilst my DSL connection was on. Ever
since, I have disconnected the DSL before running IIS.

Could anyone give me advice on running IIS safely as a local testing
server
(for asp pages) whilst online?

I have to admit that I run an admin account (win2000) so I know this is
one
thing I should change.

TIA

John

Jul 22 '05 #3
Thanks Mark

I do run a software firewall (Zonealarm) and following your suggestion I
have now used this to block internet traffic to the server.
( I do use adaware and spybot and have good antivirus)

Thanks again for your suggestions.

John B


"Mark Schupp" <no******@email .net> wrote in message
news:#Q******** ******@TK2MSFTN GP15.phx.gbl...
Do you have a firewall? If not, get one (if you are using a router behind
your DSL modem you probably have one). Set the firewall to block all
incoming requests (you're at risk for more than just tampering through your web-server).

After that is set up run a full virus scan. Then get a couple of spyware
removal tools and run them as well (I like SpyBot SD). You might also want
to pick up a software firewall product like Norton Personal Firewall. Its a bit pricey and can be quite intrusive but it will tell you when programs try to access the internet (helps detect spyware).

--
--Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"btopenworl d" <jo**@siteweave .net> wrote in message
news:d4******** **@nwrdmz03.dmz .ncs.ea.ibs-infra.bt.com...
A couple of years ago, I had a mild hack of the default windows web page in inetpub because I was running IIS whilst my DSL connection was on. Ever
since, I have disconnected the DSL before running IIS.

Could anyone give me advice on running IIS safely as a local testing
server
(for asp pages) whilst online?

I have to admit that I run an admin account (win2000) so I know this is
one
thing I should change.

TIA

John


Jul 22 '05 #4
Thanks Jeff - your suggestion made me look at the options in Zonealarm
(firewall) - from there I can block internet traffic but leave local
traffic working - does that sound like a secure solution.

Thanks again.

John
"Jeff Cochran" <je*********@zi na.com> wrote in message
news:42******** ********@msnews .microsoft.com. ..
On Wed, 20 Apr 2005 09:25:01 +0000 (UTC), "btopenworl d"
<jo**@siteweave .net> wrote:
A couple of years ago, I had a mild hack of the default windows web page ininetpub because I was running IIS whilst my DSL connection was on. Ever
since, I have disconnected the DSL before running IIS.

Could anyone give me advice on running IIS safely as a local testing server(for asp pages) whilst online?
You could set IIS to answer on only 127.0.0.1 and use a hosts file if
you need name resolution to that. That address won't answer off your
local system. Check the IIS group for a lot more security
possibilities, as well as:

Security Checklists:

http://www.microsoft.com/technet/tre...hnet/security/
Default.asp
From Blueprint to Fortress: A Guide to Securing IIS 5.0:
http://www.microsoft.com/technet/pro...epovg/securiis
..asp
Jeff

Jul 22 '05 #5
On Wed, 20 Apr 2005 16:12:21 +0000 (UTC), "btopenworl d"
<jo**@siteweave .net> wrote:
Thanks Jeff - your suggestion made me look at the options in Zonealarm
(firewall) - from there I can block internet traffic but leave local
traffic working - does that sound like a secure solution.
Sure. Whatever works in your setup. Secure your system properly,
lock the IIS to responding only on an inside or localhost IP and block
port 80 inbound in your firewall.

Jeff

Thanks again.

John
"Jeff Cochran" <je*********@zi na.com> wrote in message
news:42******* *********@msnew s.microsoft.com ...
On Wed, 20 Apr 2005 09:25:01 +0000 (UTC), "btopenworl d"
<jo**@siteweave .net> wrote:
>A couple of years ago, I had a mild hack of the default windows web pagein >inetpub because I was running IIS whilst my DSL connection was on. Ever
>since, I have disconnected the DSL before running IIS.
>
>Could anyone give me advice on running IIS safely as a local testingserver >(for asp pages) whilst online?


You could set IIS to answer on only 127.0.0.1 and use a hosts file if
you need name resolution to that. That address won't answer off your
local system. Check the IIS group for a lot more security
possibilities, as well as:

Security Checklists:

http://www.microsoft.com/technet/tre...hnet/security/
Default.asp

From Blueprint to Fortress: A Guide to Securing IIS 5.0:

http://www.microsoft.com/technet/pro...epovg/securiis
.asp

Jeff


Jul 22 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
1190
by: Elliot Rodriguez | last post by:
Excuse the crosspost, but this thread gets much more traffic than the mcsd one does. Should I expect to see questions pertaining to using the VS.NET IDE, and IDE-specific filetypes, on the exam? Or can I safely develop in a non-MS IDE (such as WebMatrix or #Develop)? The reason I ask is because the MSPress books devote quite a bit of...
19
6779
by: lihua | last post by:
Hi, Group! I got one question here: We all know that fclose() must be called after file operations to avoid unexpected errors.But there are really cases when you forget to do that!Just like what happens in memory operations, everyone knows the importance of freeing the allocated memory, but there do have memory leaks from time to
2
3212
by: Naveen Mukkelli | last post by:
Hi, I'm writing a client/server application using C#. The server accepts connecitons asynchronously, using BeginAccept/EndAccept. Is there any way we can write some unit tests(NUnit) to test the behaviour of accepting connections and testing some other private methods that would be called when the server receives a connection request.
0
985
by: John Hoge | last post by:
I'm testing VWD, which has some great features over VS.NET2003, but there is one feature that it seems to lack: I want to do my development and testing on a local testing server. Dreamweaver handles this with ease - I can work from files on a network share of a testing server and then test the site through that server. This way I can use...
0
1486
by: Brian Russell | last post by:
We have three servers (beyond my development box) in our organization. The first is a testing server that has IIS and SQL Server on it. The second is another testing server that also has IIS and SQL Server. The final is the production box that only has IIS. I develop on my own machine, copy to the first testing server, the code is tested,...
72
5204
by: Jacob | last post by:
I have compiled a set og unit testing recommendations based on my own experience on the concept. Feedback and suggestions for improvements are appreciated: http://geosoft.no/development/unittesting.html Thanks.
3
5799
by: AAJ | last post by:
Hi has anyone come across a function to check if a particular string can be safely converted to a datatype i.e. i would like to check things like TypeCheck("1/1/2006",datetime) -returns true TypeCheck("fred",datetime) -returns false
16
2149
by: Mike P | last post by:
How would I write some Javascript to test whether a date is in the past or not? I need to only accept either the current date or future dates. *** Sent via Developersdex http://www.developersdex.com ***
0
7897
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
8331
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
1
7940
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
8200
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
1
5705
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
5379
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3824
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
3850
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
0
1163
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.