Microsoft has finally released a tool that makes it simple to secure an IIS 4.0 or 5.0 web server. The tool, known as the IIS Lockdown Tool, allows Web server administrators to quickly put a server into a secure configuration, something that has been needed for quite some time.
The tool offers two operating modes. The default is "Express Lockdown", which configures the server in a highly secure fashion. For those of us who are control freaks, the tool also offers a granular mode called "Advanced Lockdown". An internal help system provides information and recommendations for selecting the best configuration, and the tool includes a one-level undo function.
According to Microsoft, "a web server configured using the Express Lockdown would be completely protected against Code Red and virtually all known security vulnerabilities affecting IIS 4.0 and 5.0 - even without the patches for these vulnerabilities". Of course, they recommend that all customers, even those running locked-down servers, continue to stay current on all security patches.
The tool is available for download at http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32362