It kinda depends on the functionality you want to keep.... IIS UrlScan will protect you from various malformed URL's and you can use it to only allow (for instance) http get and http put. You can also allow some webdav commands, or entirely disable it (there is a registry key that can do the same...).
IIS LockDown will just enable or disable stuff like ASP, SSI and will protect some system files. The docs provided with the tools are good enough to figure out what to expect.... meaculpa > -----Original Message----- > From: NR [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 05, 2003 12:22 PM > To: [EMAIL PROTECTED] > Subject: Securing IIS Server > > > > > > Hi, > > I have IIS Server in which i want to install IIS lockdown and > URLScan, i heard they are very good to protect IIS server, > are they worth installing, and if not, is there any other > tools i can use to secure my IIS ? > > Thanks and Regards > NR > > -------------------------------------------------------------- > ------------- > -------------------------------------------------------------- > -------------- > --- Outgoing mail is has been checked with AVG, Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.504 / Virus Database: 302 - Release Date: 7/24/2003 --------------------------------------------------------------------------- ----------------------------------------------------------------------------
