SnapGear is top of the line. However, you might not want to purchase it off of Ebay or something like that. You should be purchasing it from a reputable dealer, which you can get that information from the manufacture.
Duane :)
Well, "LAN-IP" and "localhost" would be your private IP address. I was asking about how it worked from the Internet side when you used your public IP address. Does that work? You already said it worked from the inside in your original post. You want access from the Internet side, right?
If you want anonymous logon (99 percent do!) you need to...
IIS Manager | | Properties | Directory Security | "Enable anonymous access"
By default, the username assigned to anonymous access is IUSR_. It should already be filled in, to include the password field (although I suppose the password is blank, I dunno since I left mine at the default).
Yes. I did it for years before upgrading to W2K3 (better). If you run a web server on W2K make SURE and download and install the MS add-on product called URL SCAN. 99 percent of URL SCAN's features were built into W2K3. Using URL SCAN (properly configured) will keep you in good shape on W2K. Also use NTFS file permissions to protect the rest of the W2K files and file system using system hardening techniques (you can find recommendations all over the net about Operating System Hardening).
Although zone alarm is better than nothing, what you really want is a "network" firewall, not a "personal" firewall (like zone alarm). There are many network firewalls out there. Most any will do. Depends on your risk factor, of course, but most are pretty good. A router with NAT and Stateful Packet Inspection might be good enough ($50-60). Maybe you already have that implemented in your DSL setup???
As Duane also mentioned, you should be aware that W2K Workstation as well as Windows XP Professional allow only 10 inbound connections. And be aware that ONE CLIENT can take up all 10 connections in some situations. Although the "norm" for one client to connect is two connections.
-Frank
Do you have a source for me?
Yours, VB.
Unfortunately I don't have any good overview any more. With Google you can find some splattered information.
snipped-for-privacy@gmail.com wrote on 5 May 2006 21:46:05 -0700:
When you say don't work, have you actually tested access from a machine that is not on your LAN? Most routers will drop packets sent from the internal connection that are addressed to the public address. To reduce spoofing, all packets addressed to an interface are dropped automatically if they were passed out of that interface - when you try to connect to the public IP address that you have port forwarded the packets are passed out of your public interface (because all packets accepted at the LAN interface that are not blocked by an outbound access list will be sent to the WAN interface), and then picked up again at the same one (as it's the router interface that takes the packets and forwards them into your server) - the router will then drop them.
To test your port forwarding is correct, and your server is accessible from the internet, you will need to test it from another connection outside of your router.
Dan
snipped-for-privacy@gmail.com wrote on 6 May 2006 18:22:18 -0700:
Did you disable Anonymous Authentication? If so, you have told IIS to require login credentials so your browser will ask for them. This can also be caused by disabling the built-in IUSR account and not changing the IIS account settings to a valid account that has sufficient permissions to handle the files for your site. I suggest you read up on IIS security.
Locking it down is a definite requirement. Run IISLockdown as a minimum step.
I run corporate sites in IIS6 on Windows 2003, out of the box this is pretty secure system.
I'd never run a software firewall on a server (and I do my best never to run one on a desktop either!). Get a proper dedicated firewall unit that allows both inbound and outbound access lists.
Dan
Volker wrote on 8 May 2006 12:28:32 +0200:
Volker, if you find one can you post it here? I've been digging around and can only find articles about this with PWS, IIS4, and IIS5. IIS6 has a completely different system for handling requests that solves this according to all the articles I've found.
Dan
Sorry, cannot find anything. IIS 6.0 seems to be as secure as other complex webservers now.
Yours, VB.
Spack wrote: [IIS6 insecure]
I cannot find one.
Yours, VB.
Volker wrote on 9 May 2006 10:06:29 +0200:
Neither can I. IIS4 and IIS5 were vulnerable, but 6 isn't ...
Dan
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.