If you subscribe to our Win2KSecAdvice mailing list, you might know that over the weekend Microsoft posted a message notifying users about its new security tool for IIS 5.0. The new tool, called HFCheck (short for Hotfix Check), helps administrators quickly compare the hotfixes installed on an IIS 5.0 system against a database of available hotfixes. According to the description on Microsoft's Web site, "The tool can be run continuously or periodically, against the local machine or a remote one, using either a database on the Microsoft Web site or a locally-hosted copy. When the tool finds a patch that hasn't been installed, it can display a dialogue or write a warning to the event log."
If you run IIS 5.0, be sure to try HFCheck. You'll find it on Microsoft's Technet site under the security section's tool page.
In addition to HFCheck, you can find two other security-related tools and four security checklists at the Technet Security site listed above. The other tools are the Windows 2000 Internet Server Security Tool and Security Planning Tool for IIS. The available checklists are Secure Internet Information Services 5 Checklist, Windows Domain Controller Checklist, IIS 4.0 Security Checklist, and Windows NT C2 Configuration Checklist.
The information that the checklists offer is obvious from the document titles, so I'll skip those details and summarize the security tools. The Windows 2000 Internet Server Security Tool automates IIS security configuration to help users avoid performing registry edits, security policy implementation, and other security-related configuration details. The Security Planning Tool for IIS helps administrators determine which computers and resources a user can reach based on the conditions the administrator specifies. You can also use the tool to test security configurations of Internet- or intranet-based IIS servers.
Be sure to visit Microsoft's Security Tools Web page and the Technet Security site. I'm sure you'll find them as informative as I did. And if you aren't subscribed to our Win2KsecAdvice or How-To for Security mailing lists, consider joining—you're missing some great information and help. Until next time, have a great week.