From: inenewbl on
Hi all. My company is hosting a website using IIS7. We got a PCI-certified
vendor to do scanning on our website and were told that 1 of our vulnerabilities
is "common directory names detected", which I assume is referring to default
folders. I ran through my IIS and found a default folder named aspnet_client.
How do I secure it with best practices? Please advise. Thanks in advance.
From: Ken Schaefer on
First you need to understand what the vendor is saying that the risk is.
Frankly, from your description, I don't think there is an issue, but we
really need to see what the vendor is saying. Get them to explain what the
issue is, and what the risk is.

Cheers
Ken

http://adOpenStatic.com/blog

"inenewbl" <inenewbl(a)discussions.microsoft.com> wrote in message
news:EE2433AA-154E-4CA0-B14C-8680C7BF5128(a)microsoft.com...
> Hi all. My company is hosting a website using IIS7. We got a PCI-certified
> vendor to do scanning on our website and were told that 1 of our
> vulnerabilities is "common directory names detected", which I assume is
> referring to default folders. I ran through my IIS and found a default
> folder named aspnet_client.
> How do I secure it with best practices? Please advise. Thanks in advance.

From: inenewbl on
Hi Ken,

The aspnet_client folder is not used by us. Hence, will removing this folder
from IIS have any implications? Please advise. Thanks in advance.

"Ken Schaefer" wrote:

> First you need to understand what the vendor is saying that the risk is.
> Frankly, from your description, I don't think there is an issue, but we
> really need to see what the vendor is saying. Get them to explain what the
> issue is, and what the risk is.
>
> Cheers
> Ken
>
> http://adOpenStatic.com/blog
>
> "inenewbl" <inenewbl(a)discussions.microsoft.com> wrote in message
> news:EE2433AA-154E-4CA0-B14C-8680C7BF5128(a)microsoft.com...
> > Hi all. My company is hosting a website using IIS7. We got a PCI-certified
> > vendor to do scanning on our website and were told that 1 of our
> > vulnerabilities is "common directory names detected", which I assume is
> > referring to default folders. I ran through my IIS and found a default
> > folder named aspnet_client.
> > How do I secure it with best practices? Please advise. Thanks in advance.
From: Ken Schaefer on
If you have an ASP.NET application, you need this folder. If you are not
using ASP.NET, then why not simply uninstall .NET from IIS?

Lastly, why does the vendor say that having the folder is a risk? What is
the exact risk they are talking about?

Cheers
Ken

http://adOpenStatic.com/blog

"inenewbl" <inenewbl(a)discussions.microsoft.com> wrote in message
news:EC56C92A-A4CE-4BFE-909E-81C3ADCB5787(a)microsoft.com...
> Hi Ken,
>
> The aspnet_client folder is not used by us. Hence, will removing this folder
> from IIS have any implications? Please advise. Thanks in advance.
>
> "Ken Schaefer" wrote:
>
>> First you need to understand what the vendor is saying that the risk is.
>> Frankly, from your description, I don't think there is an issue, but we
>> really need to see what the vendor is saying. Get them to explain what the
>> issue is, and what the risk is.
>>
>> Cheers
>> Ken
>>
>> http://adOpenStatic.com/blog
>>
>> "inenewbl" <inenewbl(a)discussions.microsoft.com> wrote in message
>> news:EE2433AA-154E-4CA0-B14C-8680C7BF5128(a)microsoft.com...
>> > Hi all. My company is hosting a website using IIS7. We got a PCI-certified
>> > vendor to do scanning on our website and were told that 1 of our
>> > vulnerabilities is "common directory names detected", which I assume is
>> > referring to default folders. I ran through my IIS and found a default
>> > folder named aspnet_client.
>> > How do I secure it with best practices? Please advise. Thanks in advance.