Back to Search Results

Training Course Summary:

Course Overview

This course teaches administrators how to significantly reduce the likelihood of unauthorised access to an IIS 5.0 installation.

Who Should Attend

Systems administrators responsible for administering and installing Microsoft Internet Information Server (IIS) 5.0 servers, as well as individuals responsible for the security of Web-based resources.

What You Will Learn

Course participants are shown Internet-based resources providing information and software that increase installations security, and are introduced to the tools commonly used by people seeking unauthorised access to servers. They also learn to perform a secure installation of IIS 5.0 and Windows 2000 installation, and check the installation for security holes. There are no exams associated with this course.




Pre-requisites



Successful completion of the following course, and an awareness of basic TCP/IP networking:

Creating and Managing a Web Server Using Microsoft Internet Information Server

Experience with Unix/Linux will also be an advantage



Follow-up Courses

None


Course Content

Internet Based Resources

Security organisation websites
Security-based mailing lists
Security tools available online
Hacker sites
Exploits and hacking tools online

The Attack Profile
Target identification: online data, ping sweeps, port scans
Target enumeration: HTTP header information, nMap utility
Types of attack: DoS, DDos, buffer overflow, malformed URLs
Examples of attacks: performing DoS attacks, performing buffer overflows

Non-Default installation of IIS
Problems with the default installation
Performing a custom installation
Hardening the installation

Securing Windows 2000
Setting Windows 2000 security
Using the Windows 2000 security tools

Checking the IIS installation
Using Microsoft security tools
Applying patches and hot-fixes
3rd Party tools
Testing the secure installation