IIS .Net Solutions and Developers

Hello,

The company is on the .Net solutions push company wide which will be implemented sometime in the near future. Of course, one of the big concerns is IIS running on a developer's workstation. The one thing I have heard is using the IIS Lockdown Tool to secure the developer's workstation, which I have used in doing some .Net Training here at home. The Lockdown Tool stopped any development work I was doing with ASP.NET and IIS and I had to unlock IIS to continue development work.

The person who is basically a Training person is involved with the decision making process with Systems and Tech Support, which I started talking with about using IIS and .Net from a developer's standpoint.

It's just like with InterDev that was installed on my machine. I cannot fully use InterDev to debug an ASP application from my workstation, because IIS is not on the workstation and one must go through some Mickey Mouse routine by debugging an ASP application on the DEV Web server using response.write and other means, instead of being able to use the debugging tools in InterDev.

Like the Training person indicated, they are concerned about FTP services and shutting it down or a contractor coming in and hacking IIS on a developer's machine. There are also laptop workstations that leave the building using VPN work situation etc., etc., which PFW for dial-up users or NAT router is used supplied by the company.

I would like to get a little feedback from the NG concerning the security issues and possible solutions and/or workarounds. As I would like to avoid the situation the developers face with using InterDev when .Net is deployed to the developer's workstation and it cannot be used to its fullest capabilities as a development tool.

Thanks

Duane :)

Duane Arnold

Every one of our development centers, every team member, has either Windows 2000 Prof, Windows XP Prof, or Windows 2000 Server installed on their workstation. They run/develop a local copy of the part they are working on, check it into source-safe, the Solutions Architect moves it to the test server and tests it against the specs. Once it's tested on the test server it's moved to the QA server for testing by the QA team, from there, if it passes, it's moved to the customer's QA server (another one of our servers) for testing by the customer. If it passes that test it's provided to the customer - all this is happening 24/7 in real time.

Not having IIS on your development station is a hindrance and increases development time.

Leythos

Is that the risk or is the risk of others getting at the workstation via IIS? Can't you set up IIS to use loopback as its IP address for the default site? Would that make IIS invisible on your network?

Not-My-Real-Name

OK, so then if the IIS service on the developer PC is using Loopback, then shouldn't it be invisible on the LAN?

Not-My-Real-Name

Leythos wrote in news: snipped-for-privacy@news-server.columbus.rr.com:

I agree too. I have written an email about this issue to my boss and to the Training person. Maybe, someone will listen before the implementation. I kind of doubt it.

Duane :)

Duane Arnold

"Not-My-Real-Name" wrote in news:cNrSc.1053$ snipped-for-privacy@tor-nn1.netcom.ca:

The concern is having IIS open on the LAN for developer machines so that they can be compromised by a contractor that has gone wild?

Duane :)

Duane Arnold

If you set it so that IIS can only be accessed from 127.0.0.1 or from the host name of the computer, then it can't be accessed from the rest of the LAN - simple restriction.

Leythos
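One way to confirm that a developer workstation's IIS services are bound to loopback only, as an added example that is not part of any post in this thread: it parses Windows `netstat -an` output and flags FTP/HTTP/HTTPS listeners bound to anything other than a loopback address. The sample output, the watched ports and the function names are constructed for illustration; it checks socket binding only, not address restrictions applied inside IIS or by a firewall.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:80           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:443       0.0.0.0:0              LISTENING
  TCP    [::1]:80               [::]:0                 LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1042      10.0.0.5:80            ESTABLISHED
"""

# Assumption: the IIS services of interest use their default ports.
WATCHED_PORTS = {21: "FTP", 80: "HTTP", 443: "HTTPS"}


def split_endpoint(endpoint):
    """Split '127.0.0.1:80' or '[::1]:80' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)


def classify_listeners(netstat_text, ports=WATCHED_PORTS):
    """Return (service, address, port, binding) for each watched TCP listener."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only listening TCP sockets matter; skip headers and connections.
        if len(fields) < 4 or fields[0] != "TCP" or fields[-1] != "LISTENING":
            continue
        try:
            addr, port = split_endpoint(fields[1])
        except ValueError:
            continue  # unparseable local address, ignore the line
        if port not in ports:
            continue
        # 0.0.0.0 / [::] (all interfaces) and any LAN address count as non-loopback.
        binding = "loopback-only" if addr.is_loopback else "non-loopback"
        findings.append((ports[port], str(addr), port, binding))
    return findings


def exposed(findings):
    """Listeners whose socket is bound beyond the loopback interface."""
    return [f for f in findings if f[3] == "non-loopback"]


if __name__ == "__main__":
    for service, addr, port, binding in classify_listeners(SAMPLE_NETSTAT):
        print(f"{service:5} {addr}:{port:<5} {binding}")
```

On a real workstation, pass the captured text of `netstat -an` to `classify_listeners` in place of the sample.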

Leythos wrote in news: snipped-for-privacy@news-server.columbus.rr.com:

Well, the guy responded to my email about the whole situation. His response was he has tried ASP.Net with IIS locked down on his machine and he didn't have any problems. As far as I am concerned, he and Systems are in left field on this one and we will see what happens. I'll keep the Loopback IP solution in mind. They have already made up their minds until they are forced to change.

Duane :)

Duane Arnold
