Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > run testing web server safely??

Reply
Thread Tools

run testing web server safely??

 
 
btopenworld
Guest
Posts: n/a
 
      04-20-2005
A couple of years ago, I had a mild hack of the default windows web page in
inetpub because I was running IIS whilst my DSL connection was on. Ever
since, I have disconnected the DSL before running IIS.

Could anyone give me advice on running IIS safely as a local testing server
(for asp pages) whilst online?

I have to admit that I run an admin account (win2000) so I know this is one
thing I should change.

TIA

John




 
Reply With Quote
 
 
 
 
Jeff Cochran
Guest
Posts: n/a
 
      04-20-2005
On Wed, 20 Apr 2005 09:25:01 +0000 (UTC), "btopenworld"
<(E-Mail Removed)> wrote:

>A couple of years ago, I had a mild hack of the default windows web page in
>inetpub because I was running IIS whilst my DSL connection was on. Ever
>since, I have disconnected the DSL before running IIS.
>
>Could anyone give me advice on running IIS safely as a local testing server
>(for asp pages) whilst online?


You could set IIS to answer on only 127.0.0.1 and use a hosts file if
you need name resolution to that. That address won't answer off your
local system. Check the IIS group for a lot more security
possibilities, as well as:

Security Checklists:
http://www.microsoft.com/technet/tre...ty/Default.asp

From Blueprint to Fortress: A Guide to Securing IIS 5.0:
http://www.microsoft.com/technet/pro...g/securiis.asp

Jeff
 
Reply With Quote
 
 
 
 
Mark Schupp
Guest
Posts: n/a
 
      04-20-2005
Do you have a firewall? If not, get one (if you are using a router behind
your DSL modem you probably have one). Set the firewall to block all
incoming requests (you're at risk for more than just tampering through your
web-server).

After that is set up run a full virus scan. Then get a couple of spyware
removal tools and run them as well (I like SpyBot SD). You might also want
to pick up a software firewall product like Norton Personal Firewall. Its a
bit pricey and can be quite intrusive but it will tell you when programs try
to access the internet (helps detect spyware).

--
--Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com


"btopenworld" <(E-Mail Removed)> wrote in message
news:d4575d$h72$(E-Mail Removed)-infra.bt.com...
>A couple of years ago, I had a mild hack of the default windows web page in
> inetpub because I was running IIS whilst my DSL connection was on. Ever
> since, I have disconnected the DSL before running IIS.
>
> Could anyone give me advice on running IIS safely as a local testing
> server
> (for asp pages) whilst online?
>
> I have to admit that I run an admin account (win2000) so I know this is
> one
> thing I should change.
>
> TIA
>
> John
>
>
>
>



 
Reply With Quote
 
btopenworld
Guest
Posts: n/a
 
      04-20-2005
Thanks Mark

I do run a software firewall (Zonealarm) and following your suggestion I
have now used this to block internet traffic to the server.
( I do use adaware and spybot and have good antivirus)

Thanks again for your suggestions.

John B




"Mark Schupp" <(E-Mail Removed)> wrote in message
news:#(E-Mail Removed)...
> Do you have a firewall? If not, get one (if you are using a router behind
> your DSL modem you probably have one). Set the firewall to block all
> incoming requests (you're at risk for more than just tampering through

your
> web-server).
>
> After that is set up run a full virus scan. Then get a couple of spyware
> removal tools and run them as well (I like SpyBot SD). You might also want
> to pick up a software firewall product like Norton Personal Firewall. Its

a
> bit pricey and can be quite intrusive but it will tell you when programs

try
> to access the internet (helps detect spyware).
>
> --
> --Mark Schupp
> Head of Development
> Integrity eLearning
> www.ielearning.com
>
>
> "btopenworld" <(E-Mail Removed)> wrote in message
> news:d4575d$h72$(E-Mail Removed)-infra.bt.com...
> >A couple of years ago, I had a mild hack of the default windows web page

in
> > inetpub because I was running IIS whilst my DSL connection was on. Ever
> > since, I have disconnected the DSL before running IIS.
> >
> > Could anyone give me advice on running IIS safely as a local testing
> > server
> > (for asp pages) whilst online?
> >
> > I have to admit that I run an admin account (win2000) so I know this is
> > one
> > thing I should change.
> >
> > TIA
> >
> > John
> >
> >
> >
> >

>
>



 
Reply With Quote
 
btopenworld
Guest
Posts: n/a
 
      04-20-2005
Thanks Jeff - your suggestion made me look at the options in Zonealarm
(firewall) - from there I can block internet traffic but leave local
traffic working - does that sound like a secure solution.

Thanks again.

John


"Jeff Cochran" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Wed, 20 Apr 2005 09:25:01 +0000 (UTC), "btopenworld"
> <(E-Mail Removed)> wrote:
>
> >A couple of years ago, I had a mild hack of the default windows web page

in
> >inetpub because I was running IIS whilst my DSL connection was on. Ever
> >since, I have disconnected the DSL before running IIS.
> >
> >Could anyone give me advice on running IIS safely as a local testing

server
> >(for asp pages) whilst online?

>
> You could set IIS to answer on only 127.0.0.1 and use a hosts file if
> you need name resolution to that. That address won't answer off your
> local system. Check the IIS group for a lot more security
> possibilities, as well as:
>
> Security Checklists:
>

http://www.microsoft.com/technet/tre...hnet/security/
Default.asp
>
> From Blueprint to Fortress: A Guide to Securing IIS 5.0:
>

http://www.microsoft.com/technet/pro...epovg/securiis
..asp
>
> Jeff



 
Reply With Quote
 
Jeff Cochran
Guest
Posts: n/a
 
      04-20-2005
On Wed, 20 Apr 2005 16:12:21 +0000 (UTC), "btopenworld"
<(E-Mail Removed)> wrote:

>Thanks Jeff - your suggestion made me look at the options in Zonealarm
>(firewall) - from there I can block internet traffic but leave local
>traffic working - does that sound like a secure solution.


Sure. Whatever works in your setup. Secure your system properly,
lock the IIS to responding only on an inside or localhost IP and block
port 80 inbound in your firewall.

Jeff


>Thanks again.
>
>John
>
>
>"Jeff Cochran" <(E-Mail Removed)> wrote in message
>news:(E-Mail Removed)...
>> On Wed, 20 Apr 2005 09:25:01 +0000 (UTC), "btopenworld"
>> <(E-Mail Removed)> wrote:
>>
>> >A couple of years ago, I had a mild hack of the default windows web page

>in
>> >inetpub because I was running IIS whilst my DSL connection was on. Ever
>> >since, I have disconnected the DSL before running IIS.
>> >
>> >Could anyone give me advice on running IIS safely as a local testing

>server
>> >(for asp pages) whilst online?

>>
>> You could set IIS to answer on only 127.0.0.1 and use a hosts file if
>> you need name resolution to that. That address won't answer off your
>> local system. Check the IIS group for a lot more security
>> possibilities, as well as:
>>
>> Security Checklists:
>>

>http://www.microsoft.com/technet/tre...hnet/security/
>Default.asp
>>
>> From Blueprint to Fortress: A Guide to Securing IIS 5.0:
>>

>http://www.microsoft.com/technet/pro...epovg/securiis
>.asp
>>
>> Jeff

>


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Error while trying to run project: Unable to start debugging on the web server. The project is not configured to be debugged. windows 2003 server Claude seraphin ASP .Net 12 02-15-2014 04:29 PM
What do I need to run a asp.net 2.0 app with sql server express database on a web server? Nick ASP .Net 5 02-16-2007 05:29 PM
testing testing neville Computer Support 2 05-27-2005 09:57 AM
testing testing 123 daniel edwards Computer Support 4 05-20-2004 10:36 PM
testing--news2004--testing Boomer Computer Support 3 09-24-2003 06:54 PM



Advertisments