Tips to locked down a IIS6.0 OMA/OWA servers
itdaddy
Member Posts: 2,089 ■■■■□□□□□□
hey guys any ideas on what to do to lock down my IIS6.0 OMA/OWA.
we use it for OWA and OMA access and I had to allow access to all servers
instead of just the email server access to allow our mobile sync to work.
any suggestion to locking it down. and our firewall rule states only access
through 443 to this server only. so is she locked good??
any tips or websites to read up on would be great thanks guys.
we use it for OWA and OMA access and I had to allow access to all servers
instead of just the email server access to allow our mobile sync to work.
any suggestion to locking it down. and our firewall rule states only access
through 443 to this server only. so is she locked good??
any tips or websites to read up on would be great thanks guys.
Comments
-
Bl8ckr0uter
Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
Step 1: Get rid of IIS 6 lol
There were STIGs on the internet for IIS 6
National Vulnerability Database (NVD) National Checklist Program Checklist Detail for Web IIS Checklist Version 6, Release 1.12
Also check this out:
https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/f8f81568-31f2-4210-9982-b9391afc30eb.mspx?mfr=true -
Everyone
Member Posts: 1,661
Sounds like an Exchange 2003 server, since he said it is OMA/OWA. You can't go to IIS7 without going to Server 2008, and Exchange 2003 won't run on Server 2008. Upgrading Exchange (preferably to 2010) would be the only option.Bl8ckr0uter wrote: »
The IIS Lockdown tool is what you want to run... here's a couple articles for it: http://www.msexchange.org/articles/IIS-Lockdown-Tool-Secure-Exchange-Installations.html
URLSCan and IIS Lockdown Wizard