Use the IIS Lockdown tool.  
http://www.microsoft.com/WINDOWS2000/downloads/recommended/iislockdown/default.asp

Apparently good for users interested in locking down IIS and not sure where
to start.

What you really should look at is MIME types.  Most of what this tool does
revolves around this.

One of the biggest and stupidest IIS security holes was the .htr hole.  Take
any CF URL and append +.htr to the end and you can see the source code.  For
example:  http://www.mysite.com/application.cfm+.htr will show you the whole
file.

Delete any MIME types you don't use.  If you need them, grab the MIME type
information from another IIS box not open on the web.

Turn off IIS Admin Site.  And just leave active the sites that should be
accessed.

With CF security, toast the cfdocs folder.  Kill external access to the
webroot/cfide/administrator folder unless you need it.

There's more.  This should get rid of the obvious bugs.
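
Added example, not code from the thread: a small Python auditor for IIS script mappings (the ISAPI application mappings that the .htr exposure above lived in and that IIS Lockdown strips), applying the "delete what you don't use" rule as an allow-list check. It assumes input lines in the metabase ScriptMaps entry format; the allow-list and the sample entries are constructed for a CF 5 box.

```python
# Added example (not from the thread): audit IIS ScriptMaps entries against an allow-list.
# Input lines use the metabase ScriptMaps entry format
#   ".ext,C:\path\handler.dll,flags[,VERB,...]"
# (flags bit 1 = script engine, bit 4 = check that file exists; no verbs = all verbs).
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class ScriptMap:
    ext: str
    handler: str
    flags: int
    verbs: Tuple[str, ...]


def parse_scriptmap(line: str) -> ScriptMap:
    """Split one metabase ScriptMaps entry into its fields."""
    ext, handler, flags, *verbs = line.strip().strip('"').split(",")
    return ScriptMap(ext.lower(), handler, int(flags), tuple(v.upper() for v in verbs if v))


# Constructed allow-list for a CF 5 box: extension -> handler DLL that must serve it.
ALLOWED: Dict[str, str] = {".cfm": "iscf.dll", ".cfml": "iscf.dll", ".asp": "asp.dll"}


def audit(lines: List[str], allowed: Dict[str, str] = ALLOWED) -> List[Tuple[str, str]]:
    """Return (extension, reason) for every mapping an admin should remove or tighten."""
    findings = []
    for m in map(parse_scriptmap, lines):
        want = allowed.get(m.ext)
        if want is None:
            findings.append((m.ext, f"not on allow-list, remove mapping to {m.handler}"))
        elif not m.handler.lower().endswith(want):
            findings.append((m.ext, f"unexpected handler {m.handler}"))
        elif not m.verbs:
            findings.append((m.ext, "all verbs enabled, restrict to GET,HEAD,POST"))
    return findings


# Constructed sample resembling a default IIS 5 + CF 5 mapping list.
SAMPLE_SCRIPTMAPS = [
    ".asp,C:\\WINNT\\System32\\inetsrv\\asp.dll,5,GET,HEAD,POST,TRACE",
    ".htr,C:\\WINNT\\System32\\inetsrv\\ism.dll,1,GET,POST",
    ".cfm,C:\\CFUSION\\BIN\\ISCF.DLL,5,GET,POST,HEAD",
    ".cfml,C:\\CFUSION\\BIN\\ISCF.DLL,1",
    ".idc,C:\\WINNT\\System32\\inetsrv\\httpodbc.dll,1,GET,POST",
]

if __name__ == "__main__":
    for ext, reason in audit(SAMPLE_SCRIPTMAPS):
        print(f"{ext}: {reason}")
```

Run it against the real list from the box being hardened; every line it reports is a mapping to delete or restrict in the site's Application Mappings before the server goes back on the web.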


-----Original Message-----
From: Michael Wilson [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 25, 2001 2:31 PM
To: CF-Talk
Subject: Check list for securing IIS (WAS RE: Check out what Gartner is
recommending. Drop IIS!)


Anyone know of a check list for securing IIS 5.0 in conjunction with CF 5.0?
I think I remember seeing one for 4.0 some time back, but can't find a link.
I am not totally sure of everything I CAN "turn off" or what measures I can
take beyond keeping up with the constant flow of "security patches".
Although I am up-to-date with patches and have had no issues with Code Red
or Nimda, I would still like to learn more on how to lock IIS down for
maximum security.

Regards,
Mike

> -----Original Message-----

> > I'm not a 'server' admin (by title) but I can thank MS for this.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/