Microsoft releases tool to lock IIS systems

Microsoft Corp., whose Web server and security products have been stung recently by a series of high-profile flaws, released a new security tool Thursday, the second time in as many weeks the company has done so.

The new tool, called IIS Lockdown, is targeted at home and small businesses and is intended for use with the company's IIS (Internet Information Server) software -- the Web server software that the Code Red worm attacked successfully in July and August. Code Red used a month-old vulnerability in IIS to infect servers and spread itself across the world. With IIS Lockdown, Code Red could never have happened, because the system would not have been vulnerable even if the security hole had been unpatched, Microsoft said.

IIS Lockdown aims to do just what its name would lead one to believe: lock down the IIS configuration on a system, making it unchangeable and inaccessible. The software offers two configuration options, Express Lockdown and Advanced Lockdown. Express Lockdown is a one-click, general security setting. Advanced Lockdown gives administrators the option to pick and choose the services that will be enabled on the system, Microsoft said.

The software checks a server's configuration against a checklist of security practices provided by Microsoft to create secure systems, said Scott Culp, security program manager at the Microsoft security response center. The checklist, which is also available on Microsoft Web sites as a standalone document, is included in the IIS Lockdown tool, rather than requiring the tool to reference a Web site, he said.

After consulting the checklist, IIS Lockdown turns off all unnecessary or potentially hazardous services, leaving just core IIS functions, Culp said. The software also includes an extensive help system which gives detailed information about what each component does and in which situations it would be used, he said.

IIS Lockdown provides a sneak preview of the installation process for the forthcoming IIS 6.0, Culp said. IIS 6.0 will include an "interview" process by which the server will be configured with only the necessary services and functions, turning all others off, he said.

Despite the promises made by the company, Microsoft does advise administrators to stay up to date on patching their systems.

Last week, Microsoft released two security vulnerability assessment tools: HFNetChk and Microsoft Personal Security Advisor. IIS Lockdown is not the last tool in this line, Culp said, noting that at least one more such tool will be released in the near future.

Sam Costello

Computerworld