Installation Recommendations


By default, the Windows 2000 Server setup installs IIS. However, the recommendation is that you do not install IIS as part of the operating system installation but install it later, after you have updated and patched the base operating system. After you install IIS, you must reapply IIS patches and harden the IIS configuration to ensure that it is fully secured. Only then is it safe to connect the server to the network.

IIS Installation Recommendations

If you are installing and configuring a new Web server, follow the procedure outlined below.

Task: To build a new Web server

  1. Install Windows 2000 Server, but do not install IIS as part of the operating system installation.

  2. Apply the latest service packs and patches to the operating system. (If you are configuring more than one server, see "Including Service Packs with a Base Installation," later in this section.)

  3. Install IIS separately by using Add/Remove Programs in the Control Panel.

    If you do not need the following services, do not install them when you install IIS:

    • File Transfer Protocol (FTP) Server

    • Microsoft FrontPage® 2000 Server Extensions

    • Internet Service Manager (HTML)

    • NNTP Service

    • SMTP Service

    • Visual InterDev RAD Remote Deployment Support

    Note: By installing IIS on a fully patched and updated operating system, you can prevent attacks that take advantage of known vulnerabilities (such as NIMDA) that have now been patched.

.NET Framework Installation Recommendations

Do not install the .NET Framework Software Development Kit (SDK) on a production server. The SDK contains utilities that the server does not require. If an attacker gains access to your server, the attacker can use some of these tools to assist other attacks.

Instead, install the redistributable package, which you can obtain from the "Downloads" link at the .NET Framework site on Microsoft.com at http://www.microsoft.com/net/.

Including Service Packs with a Base Installation

If you need to build multiple servers, you can incorporate service packs directly into your Windows installations. Service packs include a program called Update.exe to combine a service pack with your Windows installation files.

Task: To combine a service pack with a Windows installation

  1. Download the latest service pack.

  2. Extract Update.exe from the service pack by launching the service pack setup with the -x option, as follows:

    w3ksp3.exe -x

  3. Integrate the service pack with your Windows installation source by running update.exe with the -s option, passing the folder path of your Windows installation, as follows:

    update.exe -s c:\YourWindowsInstallationSource

For more information, see the MSDN article, "Customizing Unattended Win2K Installations" at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnw2kmag01/html/custominstall.asp.
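When multiple servers are built from an unattended answer file, step 1 of the build procedure (leave IIS out of the base installation) can be checked before deployment. The following Python script is an added example, not part of the original guide: it audits the [Components] section of an answer file and reports any IIS component that is not explicitly turned off. The component key names are assumptions to confirm against the unattended setup reference for your Windows version, and both sample answer files are constructed.

```python
import configparser

# Assumed [Components] key names for a Windows 2000 answer file;
# confirm them against the unattended setup reference you deploy with.
IIS_COMPONENTS = {
    "iis_common": "IIS common files",
    "iis_www": "World Wide Web Server",
    "iis_ftp": "File Transfer Protocol (FTP) Server",
    "fp_extensions": "FrontPage 2000 Server Extensions",
    "iis_htmla": "Internet Service Manager (HTML)",
    "iis_nntp": "NNTP Service",
    "iis_smtp": "SMTP Service",
    "fp_vdir_deploy": "Visual InterDev RAD Remote Deployment Support",
}

# Constructed sample: most IIS keys are absent, so setup defaults apply.
WEAK = """\
[Unattended]
UnattendMode = FullUnattended

[Components]
iis_ftp = On
iis_smtp = Off
"""
# Constructed sample: every IIS component is explicitly turned off.
HARDENED = "[Components]\n" + "".join(f"{k} = Off\n" for k in IIS_COMPONENTS)

def audit_answer_file(text):
    """Return (key, label, reason) for each IIS component not set to Off."""
    parser = configparser.ConfigParser(strict=False, interpolation=None,
                                       allow_no_value=True)
    parser.read_string(text)
    components = {}
    for section in parser.sections():
        if section.lower() == "components":  # section names vary in case
            components.update(parser[section])
    findings = []
    for key, label in IIS_COMPONENTS.items():
        value = (components.get(key) or "").strip().strip('"').lower()
        if value == "off":
            continue
        reason = "set to On" if value == "on" else "not set to Off, setup default applies"
        findings.append((key, label, reason))
    return findings

if __name__ == "__main__":
    for key, label, reason in audit_answer_file(WEAK):
        print(f"{key:15} {label}: {reason}")
```

A key that is missing is reported as well as one set to On, because Windows 2000 Server setup installs IIS by default.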




Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
