Problem solve Get help with specific problems with your technologies, process and projects.

Secure IIS 5.0 tips

I have an IIS 5.0 server that I wish to secure. Do you have any tips on how best this can be achieved? Would an Apache server be a better choice than IIS?

You should definitely consider using Microsoft's IIS Lockdown wizard, available at no extra charge from Microsoft. It'll step you through securing your configuration, and offers some pretty solid recommendations for improving the default settings.

As for Apache vs. IIS... You should really go with whichever you are most familiar with up front. Both have a history of security issues (although IIS probably has had more problems over the years). Still, your best bet for security is to use a product you are more familiar with. That way, you'll be more comfortable administering, patching and operating it.

For more info on this topic, visit these SearchSecurity.com resources:
  • Best Web Links: Microsoft security
  • Web Security Tip: Getting IIS patched fast
  • Web Security Tip: Keep Apache patched

  • This was last published in August 2003

    Dig Deeper on Web Server Threats and Countermeasures

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.