Knowing that you have a Web server and the requirement to protect it is one thing. Not knowing when you are running a Web server, not only shows how unfamiliar you are with your system, but it makes your systems vulnerable to a wide range of devastating attacks.
Being a Web server without knowing it usually occurs when you install a new operating system without being fully aware of its default configuration. For example, Internet Information Server (IIS) (a full Web server product) and Peer Web Services (a limited client Web server product) install automatically on all versions of Windows prior to Windows .NET Server. This default action was configured by Microsoft in hopes that if their Web product was already installed and running that you'd be more likely to employ it rather than a third-party's Web server product. Unfortunately, this was not a very wise decision from a security standpoint. Both IIS and PWS out-of-the-box are vulnerable to exploits that can either make the system unresponsive to valid access requests (i.e. a denial-of-service attack) or allow a malicious user complete control over every aspect of the system.
To check to see if you are running a Web server, open a Web browser, such as Internet Explorer, and attempt to access the URL "http://localhost." If you see an error message stating the page or the server was unreachable, you are not running local Web server software. However, if you see a Web page or a logon dialog box,
In most cases, you can uninstall IIS and PWS easily through the Add/Remove Programs applet in the Control Panel. Or if you prefer, you can simply disable Web services but level the Web server installed through the IIS MMC snap-in or the Services applet.About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.
Related book Administrating Web Servers, Security and Maintenance, First Edition
By Eric Larson and Brian Stephens
This user friendly, interactive text provides competency in three key skill areas: 1. Web business management, from financial issues to project management and marketing; 2. Content management, including user interface, authoring languages, multimedia and graphics; and 3. Technical management involving administration, protocols, performance and security.
This was first published in March 2002