BEST PRACTICES IN MANAGING WORLD WIDE WEB SERVER SECURITY:
1. Place your web server(s) in a DMZ. Set your firewall to drop connections
to the web server on all ports except HTTP (port 80) and HTTPS (port 443).
2. Remove all unneeded services from the web server. Keep FTP only if you
actually need it, and use a secure login capability such as Secure Shell (SSH)
for remote access. Every unneeded service is a potential avenue of attack.
3. Disallow all remote administration unless it is done over an encrypted link
or with one-time passwords.
4. Limit the number of people who have administrator or root-level access.
5. Log all user activity and keep the logs either in an encrypted form on the
web server or on a separate machine on your intranet, so that an intruder who
compromises the server cannot quietly alter them.
6. Monitor the system logs regularly for suspicious activity. Install scripts
("trap macros") that watch for known attacks on the server, such as the PHF
attack, and that run every hour or so to check the integrity of passwd and
other critical files. When a change is detected they should send an e-mail to
the system manager.
7. Remove ALL unnecessary files, such as phf, from the CGI scripts directory
(/cgi-bin).
8. Remove the "default" document trees shipped with web servers, such as the
IIS sample site (ExAir).
9. Apply all relevant security patches as soon as they are announced.
10. If you must use a GUI at the console, remove the commands that
automatically start the window manager from the startup (.rc) files and
create a separate command to start the window manager by hand. You can then
run the window manager when you need to work on the system and shut it down
when you are done. Do not leave the window manager running for any extended
length of time.
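Items 5 and 6 describe an hourly integrity check and a watch for the PHF attack. The following is an added example, not code from the original page, that does both in Python: it baselines the SHA-256 digest and permission bits of a list of critical files, reports any file that changed or disappeared, and scans web-server access-log lines for phf requests and for a URL-encoded newline injected into any CGI query. The CRITICAL_FILES list and the SAMPLE_LOG lines are assumptions constructed for illustration; demo() runs the check in a throwaway directory so it can be tried without touching /etc.

```python
"""Hourly integrity check of critical files plus a watch for the phf attack in the
web access log (items 5 and 6 above). Added example, not code from the original
page; CRITICAL_FILES and SAMPLE_LOG are assumptions made up for illustration."""
import hashlib
import json
import os
import re
import tempfile

# Assumed set of files to baseline on a Unix web server; adjust for your system.
CRITICAL_FILES = ["/etc/passwd", "/etc/shadow", "/etc/group",
                  "/etc/inetd.conf", "/etc/ssh/sshd_config"]

# phf was a sample CGI that fed its input to a shell; the classic attack puts a
# URL-encoded newline (%0a) followed by a command into the query string.
LOG_RULES = [
    ("phf request", re.compile(r'"(?:GET|POST|HEAD) [^"]*/cgi-bin/phf\b', re.I)),
    ("newline injected into CGI query",
     re.compile(r'"(?:GET|POST|HEAD) [^"]*/cgi-bin/[^" ]*%0[ad]', re.I)),
]


def file_digest(path):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """Record digest, permission bits and size of every listed file that exists."""
    base = {}
    for p in paths:
        if os.path.isfile(p):
            st = os.stat(p)
            base[p] = {"sha256": file_digest(p), "mode": st.st_mode & 0o7777,
                       "size": st.st_size}
    return base


def save_baseline(base, path):
    with open(path, "w") as f:
        json.dump(base, f, indent=1)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def check_baseline(base, paths):
    """Compare live files with the baseline; return (path, reason) for each change."""
    findings = []
    for p in paths:
        if not os.path.isfile(p):
            if p in base:
                findings.append((p, "missing"))
            continue
        if p not in base:
            findings.append((p, "not in baseline"))
            continue
        st = os.stat(p)
        if file_digest(p) != base[p]["sha256"]:
            findings.append((p, "content changed"))
        elif (st.st_mode & 0o7777) != base[p]["mode"]:
            findings.append((p, "permissions changed to %o" % (st.st_mode & 0o7777)))
    return findings


def scan_log_lines(lines):
    """Return (client_ip, rule_name) for each access-log line that matches a rule."""
    hits = []
    for line in lines:
        for name, rx in LOG_RULES:
            if rx.search(line):
                hits.append((line.split(" ", 1)[0], name))
                break
    return hits


def format_alert(findings, hits):
    """Body of the e-mail the hourly job sends to the system manager."""
    out = ["Integrity findings: %d" % len(findings)]
    out += ["  %s: %s" % f for f in findings]
    out.append("Suspicious log entries: %d" % len(hits))
    out += ["  %s triggered '%s'" % h for h in hits]
    return "\n".join(out)


# Constructed Common Log Format lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2000:13:55:36 -0700] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 404 207',
    '198.51.100.4 - - [10/Oct/2000:13:56:01 -0700] "GET /index.html HTTP/1.0" 200 2326',
    '203.0.113.7 - - [10/Oct/2000:13:56:40 -0700] "GET /cgi-bin/test-cgi HTTP/1.0" 404 207',
]


def demo():
    """Run the whole check in a throwaway directory: one file edited, one removed."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("passwd", "group", "shadow")]
        for p in paths:
            with open(p, "w") as f:
                f.write("root:x:0:0:root:/root:/bin/sh\n")
        base = build_baseline(paths)
        with open(paths[0], "a") as f:          # an extra uid-0 account slipped in
            f.write("toor:x:0:0::/:/bin/sh\n")
        os.remove(paths[1])
        findings = [(os.path.basename(p), why) for p, why in check_baseline(base, paths)]
    return findings, scan_log_lines(SAMPLE_LOG)


if __name__ == "__main__":
    print(format_alert(*demo()))
```

In production you would call build_baseline(CRITICAL_FILES) once, store the result with save_baseline, and have an hourly cron job run check_baseline against load_baseline and pipe format_alert into mail. Keep the baseline file off the web server (or on read-only media): an intruder who can edit passwd can just as easily edit a baseline stored beside it.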
Your Network Shares
In large companies, personal computers are connected to large corporate
networks; in private homes they often share a network between family members;
and in small companies they are connected to a small local network. Networks
are used to share resources such as printers, files and disk storage.
When such a computer is also connected to the Internet, those shared resources
can be reached from the rest of the world unless you prevent it.
A Common Windows Security Problem
Many Microsoft Windows users are unaware of a common security leak in their
network settings. A typical Windows network setup installs:
Client for Microsoft Networks
File and Printer Sharing for Microsoft Networks
the NetBEUI protocol (for the local network)
the TCP/IP protocol (for the Internet connection)
If this setup allows NetBIOS over TCP/IP, you have a security problem:
your files can be shared all over the Internet, and
your logon name, workgroup name and computer name are visible to others.
If the setup binds File and Printer Sharing to TCP/IP, you have the same
problem: your files can be shared all over the Internet.
Computers that are not connected to any local network can also have dangerous
network settings, because setting up the Internet connection may have changed
the network settings.
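To see exactly what the leak above exposes, here is an added example in Python, not code from the original page, that builds a NetBIOS node-status (NBSTAT) query and parses the reply, which is the same exchange the nbtstat -A command performs against UDP port 137. SAMPLE_RESPONSE is a constructed reply from an imaginary PC called HOMEPC in workgroup WORKGROUP with user ALICE logged on and File and Printer Sharing active; the host names and the MAC address are made up. The suffix meanings are the standard NetBIOS name suffixes.

```python
"""Build a NetBIOS node-status (NBSTAT) query and parse the reply, as nbtstat -A
does. Added example for this page, not code from the original; SAMPLE_RESPONSE
is a constructed reply (host names and MAC address are made up)."""
import socket
import struct

NBSTAT = 0x0021        # resource-record type for a node-status request
CLASS_IN = 0x0001
NBNS_PORT = 137

# Standard NetBIOS name suffixes (16th byte) and what each one reveals.
SUFFIX_MEANING = {
    0x00: "computer name (unique) / workgroup name (group)",
    0x03: "messenger service: logged-on user or computer name",
    0x1B: "domain master browser",
    0x1D: "master browser",
    0x1E: "browser service elections",
    0x20: "file server: File and Printer Sharing is active",
}


def encode_name(name):
    """First-level encoding: each nibble becomes a letter A..P, 16 bytes -> 32 chars."""
    raw = name.encode("ascii").ljust(16, b"\x00")   # "*" is NUL-padded for NBSTAT
    enc = bytearray()
    for b in raw:
        enc.append(0x41 + (b >> 4))
        enc.append(0x41 + (b & 0x0F))
    return b"\x20" + bytes(enc) + b"\x00"          # length byte, 32 chars, terminator


def build_nbstat_query(txid=0x1234):
    """Unicast node-status query for the wildcard name '*'."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)   # QDCOUNT=1
    return header + encode_name("*") + struct.pack(">HH", NBSTAT, CLASS_IN)


def _skip_name(data, pos):
    """Advance past a DNS-style name, compressed or not."""
    while True:
        length = data[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:            # compression pointer ends the name
            return pos + 2
        pos += 1 + length


def parse_nbstat_response(data):
    """Extract the name table and the MAC address from an NBSTAT reply."""
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", data[:12])
    if not flags & 0x8000 or an < 1:
        raise ValueError("not an NBSTAT response with an answer record")
    pos = 12
    for _ in range(qd):                       # question section, usually absent
        pos = _skip_name(data, pos) + 4
    pos = _skip_name(data, pos)               # answer name
    rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", data[pos:pos + 10])
    pos += 10
    if rtype != NBSTAT:
        raise ValueError("answer is not a node-status record")
    num_names, pos = data[pos], pos + 1
    names = []
    for _ in range(num_names):                # 18 bytes each: 15 name, suffix, flags
        entry, pos = data[pos:pos + 18], pos + 18
        suffix = entry[15]
        nflags = struct.unpack(">H", entry[16:18])[0]
        names.append({"name": entry[:15].rstrip(b" \x00").decode("ascii", "replace"),
                      "suffix": suffix,
                      "group": bool(nflags & 0x8000),   # G bit: group vs unique name
                      "meaning": SUFFIX_MEANING.get(suffix, "other")})
    mac = data[pos:pos + 6]                   # statistics block starts with the unit ID
    computer = next((n["name"] for n in names if n["suffix"] == 0x00 and not n["group"]), None)
    return {
        "txid": txid,
        "names": names,
        "mac": ":".join("%02x" % b for b in mac),
        "computer": computer,
        "workgroup": next((n["name"] for n in names if n["suffix"] == 0x00 and n["group"]), None),
        "logged_on_users": [n["name"] for n in names
                            if n["suffix"] == 0x03 and not n["group"] and n["name"] != computer],
        "file_sharing": any(n["suffix"] == 0x20 and not n["group"] for n in names),
    }


def query_host(host, timeout=2.0):
    """Send the query to UDP/137 on host and parse the reply (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_nbstat_query(), (host, NBNS_PORT))
        data, _ = s.recvfrom(4096)
    return parse_nbstat_response(data)


def _entry(name, suffix, group=False):
    """One constructed name-table entry: G bit for groups, ACT bit set, B-node."""
    nflags = (0x8000 if group else 0) | 0x0400
    return name.encode("ascii").ljust(15, b" ") + bytes([suffix]) + struct.pack(">H", nflags)


# Constructed reply: HOMEPC in WORKGROUP, ALICE logged on, file sharing active.
_RDATA = (bytes([5]) + _entry("HOMEPC", 0x00) + _entry("HOMEPC", 0x20)
          + _entry("WORKGROUP", 0x00, group=True) + _entry("ALICE", 0x03)
          + _entry("HOMEPC", 0x03) + bytes.fromhex("02112233aabb"))
SAMPLE_RESPONSE = (struct.pack(">HHHHHH", 0x1234, 0x8400, 0, 1, 0, 0) + encode_name("*")
                   + struct.pack(">HHIH", NBSTAT, CLASS_IN, 0, len(_RDATA)) + _RDATA)

if __name__ == "__main__":
    info = parse_nbstat_response(SAMPLE_RESPONSE)
    for n in info["names"]:
        print("%-15s <%02X> %-5s %s" % (n["name"], n["suffix"], "GROUP" if n["group"] else "", n["meaning"]))
    print("computer:", info["computer"], "workgroup:", info["workgroup"],
          "users:", info["logged_on_users"], "file sharing:", info["file_sharing"])
```

To check your own exposure, run query_host against your public IP address from a machine outside your network; a socket.timeout means either that NetBIOS over TCP/IP is disabled or that a firewall on the path drops UDP/137, while a parsed reply listing a <20> name means File and Printer Sharing is reachable from the Internet.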
Solving the Problem
For Windows 2000 users:
Disable NetBIOS over TCP/IP to close the hole:
1. Open Windows Explorer, right-click My Network Places and select Properties.
2. Right-click Local Area Connection and select Properties.
3. Select Internet Protocol (TCP/IP) and click Properties.
4. Click Advanced and select the WINS tab.
5. Select "Disable NetBIOS over TCP/IP" and click OK.
If you get the message "This connection has an empty......", ignore it, click
Yes to continue, and then click OK to close the other setup windows.
Restart your computer after making the changes.
For Windows ME, 95 or 98 users:
Disable NetBIOS over TCP/IP with the same steps as for Windows 2000:
1. Open Windows Explorer, right-click My Network Places and select Properties.
2. Right-click Local Area Connection and select Properties.
3. Select Internet Protocol (TCP/IP) and click Properties.
4. Click Advanced and select the WINS tab.
5. Select "Disable NetBIOS over TCP/IP" and click OK.
You must also remove the TCP/IP bindings of Client for Microsoft Networks and
File and Printer Sharing:
1. Open Windows Explorer, right-click My Network Places and select Properties.
2. Select Internet Protocol (TCP/IP) and click Properties.
3. Select the Bindings tab.
4. Uncheck Client for Microsoft Networks and uncheck File and Printer Sharing.
5. Click OK.
If you get a message such as "You must select a driver.........", ignore it,
click Yes to continue, and then click OK to close the other setup windows.
If you still want to share files and printers over your local network, use the
NetBEUI protocol for that instead of TCP/IP (NetBEUI is not routed over the
Internet), and make sure the sharing services are bound to it:
1. Open Windows Explorer, right-click My Network Places and select Properties.
2. Select NetBEUI and click Properties.
3. Select the Bindings tab.
4. Check Client for Microsoft Networks and check File and Printer Sharing.
5. Click OK.
Restart your computer after making the changes.
Protect Your Server
iisPROTECT provides a range of authentication, password protection and user
management products for IIS:
iisPROTECTasp: Protects areas of your web site by requiring a username and
password. Grant or deny access to groups and users on a per-resource basis.
Extensive web interface for user and group administration; use any database
backend; store custom data; set user start and end dates; e-mail users; audit
logins.
iisPROTECT: Protects all web site files, including images, HTML, databases and
ASP pages. Protects entire directories; groups and users are independent of
Windows accounts; complete web administration; requires no cookies or
programming. A complete turn-key solution.
iisPROTECTquota: All the features of iisPROTECT plus: prevents concurrent
logins and password-cracking attempts, and sets quotas on hits, logins and
kilobytes per user.