Information Technology
Armando Zavala
Unit 1 Discussion 1
IS3440 Linux Security
Securing a Linux System
Step 1. Patches and Updates
Update your server with the latest service packs and patches. You must update and patch all of the Web server components including Windows 2000 or Windows Server 2003 (and IIS), the .NET Framework, and Microsoft Data Access Components (MDAC).
During this step, you:
Detect and install the required patches and updates.
Update the .NET Framework.
Detect and Install Patches and Updates
Use the Microsoft Baseline Security Analyzer (MBSA) to detect the patches and updates that may be missing from your current installation. MBSA compares your installation to a list of currently available updates maintained in an XML file. MBSA can download the XML file when it scans your server or you can manually download the file to the server or make it available on a network server.
Step 2. IISLockdown
The IISLockdown tool helps you to automate certain security steps. IISLockdown greatly reduces the vulnerability of a Windows 2000 Web server. It allows you to pick a specific type of server role, and then use custom templates to improve security for that particular server. The templates either disable or secure various features. Note By default, IIS 6.0 has security-related configuration settings similar to those made by the IIS Lockdown Tool. Therefore you do not need to run the IIS Lockdown Tool on Web servers running IIS 6.0. However, if you are upgrading from a previous version of IIS (5.0 or lower) to IIS 6.0, it is recommended that you run the IIS Lockdown Tool to enhance the security of your Web server.
During this step, you:
Install and run IISLockdown.
Install and configure URLScan.
Step 3. Services
Services that do not authenticate clients, services that use insecure protocols, or services that run with too much privilege are risks. If you do not need them, do not run them. By disabling unnecessary services you quickly and easily reduce the
Unit 1 Discussion 1
IS3440 Linux Security
Securing a Linux System
Step 1. Patches and Updates
Update your server with the latest service packs and patches. You must update and patch all of the Web server components including Windows 2000 or Windows Server 2003 (and IIS), the .NET Framework, and Microsoft Data Access Components (MDAC).
During this step, you:
Detect and install the required patches and updates.
Update the .NET Framework.
Detect and Install Patches and Updates
Use the Microsoft Baseline Security Analyzer (MBSA) to detect the patches and updates that may be missing from your current installation. MBSA compares your installation to a list of currently available updates maintained in an XML file. MBSA can download the XML file when it scans your server or you can manually download the file to the server or make it available on a network server.
Step 2. IISLockdown
The IISLockdown tool helps you to automate certain security steps. IISLockdown greatly reduces the vulnerability of a Windows 2000 Web server. It allows you to pick a specific type of server role, and then use custom templates to improve security for that particular server. The templates either disable or secure various features. Note By default, IIS 6.0 has security-related configuration settings similar to those made by the IIS Lockdown Tool. Therefore you do not need to run the IIS Lockdown Tool on Web servers running IIS 6.0. However, if you are upgrading from a previous version of IIS (5.0 or lower) to IIS 6.0, it is recommended that you run the IIS Lockdown Tool to enhance the security of your Web server.
During this step, you:
Install and run IISLockdown.
Install and configure URLScan.
Step 3. Services
Services that do not authenticate clients, services that use insecure protocols, or services that run with too much privilege are risks. If you do not need them, do not run them. By disabling unnecessary services you quickly and easily reduce the