What are some security concerns running IIS 6 if any? How do I minimize some of these security holes? Mainly I'm going to use IIS for running WSUS. It is require by this application. What are some suggestions on how to configure IIS so that it will at the very minimal for WSUS?

Will this server be on the public internet?

This server is intended for private use but it does have a public IP.

IIS is pretty secure out of the box. You shouldn't have to do anything just to get an html/asp/php site running.

The only thing which introduces security holes is when you start tinkering with accounts the IIS services run as. Very seldom do you have to do this though.

Thanks!

IIS is pretty secure out of the box. You shouldn't have to do anything just to get an html/asp/php site running.

The only thing which introduces security holes is when you start tinkering with accounts the IIS services run as. Very seldom do you have to do this though.
IIS 6 is certainly better and more secure than IIs 5. With V5, you had to run the lockdown tool and URLscan to secure it. Not as big an issue with 6.

I used IIS for awhile when running an FTP/Web server. Then I learned of how it can be a danger using IIS for public use. I then switched to Apache, and my server has been running properly without a hitch. But for internal use, IIS shouldnt really pose a security hole.

HTH

Okay, so if I only allow IP address of all my computers to access the IIS server then that should do it, right? What other things should I consider?

you shouldnt need to do that. Just dont foward any ports on your router that IIS will be using (i.e. If you were to use IIS as a web server, just dont foward port 80 on your router to direct any incoming requests on that port to your server IP. Beyond that, you can set it up so you would need to type the IP address of the server on whatever client computer you are on.

HTH

ComputerNut,

If he wants to publish his website using IIS on a public IP, he will have to set up port forwarding on his router. Otherwise port 80 would be blocked.

What security issues did you find with IIS 6? I would be interested to know as I have about 100 ASP.Net sites running off IIS 6.