Til søgning efter huller i microsofts IIS webserver, er der ikke nogen på hele nettet der vil være mere opdateret end microsoft selv. En søgning på Microsofts hjemmeside førte til meget gode sider som Tools and Checklists for Windows 2000 Server:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/w2ksvrcl.asp Og IIS 5.0 Baseline Security Checklist:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/iis5cl.asp Som kommer meget vidt omkring.
Verify that all disk partitions are formatted with NTFS
Verify that the Administrator account has a strong password
Disable unnecessary services
Disable or delete unnecessary accounts
Protect files and directories
Make sure the Guest account is disabled
Protect the registry from anonymous access
Apply appropriate registry ACLs
Restrict access to public Local Security Authority (LSA) information
Set stronger password policies
Set account lockout policy
Configure the Administrator account
Remove all unnecessary file shares
Set appropriate ACLs on all necessary file shares
Install antivirus software and updates
Install the latest Service Pack
Install the appropriate post-Service Pack security hotfixes
Set appropriate ACLs on virtual directories
Set appropriate IIS Log file ACLs
Enable logging
Disable or remove all sample applications
Remove the iisadmpwd virtual directory
Remove unused script mappings
En liste over flere Tools and Checklists til microsofts produkter kan findes på:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/default.asp