I have an IIS 5.0 server that I wish to secure. Do you have any tips on how best this can be achieved? Would an Apache server be a better choice than IIS?
You should definitely consider using Microsoft's IIS Lockdown wizard, available at no extra charge from Microsoft. It'll step you through securing your configuration, and offers some pretty solid recommendations for improving the default settings.
As for Apache vs. IIS... You should really go with whichever you are most familiar with up front. Both have a history of security issues (although IIS probably has had more problems over the years). Still, your best bet for security is to use a product you are more familiar with. That way, you'll be more comfortable administering, patching and operating it.
For more info on this topic, visit these SearchSecurity.com resources:
This was first published in August 2003