Both Nimda and Code Red can be avoided by locking down the IIS 5 configuration (... as demonstrated by the MS IIS lockdown tool). No patches (not even OS service packs, i.e. no Win 2k SP1 or SP2) are required!
If you add some firewalls in front of your IIS, one of those being e.g. ISA Server 2k, you could use
- HTTP forward caching (where all cached requests would be handled on the "other" side of the NAT firewall)
- content filtering (to block offensive code such as Nimda).
If your admin knows her job, everything should be just fine with your Win 2k Datacenter (except for the noise those boxes tend to make)...
M.
Slashdot Mirror
Both Nimda and Code Red can be avoided by locking down the IIS 5 configuration (... as demonstrated by the MS IIS lockdown tool). No patches (not even OS service packs, i.e. no Win 2k SP1 or SP2) are required! If you add some firewalls in front of your IIS, one of those being e.g. ISA Server 2k, you could use - HTTP forward caching (where all cached requests would be handled on the "other" side of the NAT firewall) - content filtering (to block offensive code such as Nimda). If your admin knows her job, everything should be just fine with your Win 2k Datacenter (except for the noise those boxes tend to make) ...
M.