MS SQL Server & IIS Security... military grade?
-
I have a developer background, but in a new job, I fell into the role of security expert for Microsoft's SQL Server (v7 & 2000) and IIS (v4 & 5). I am contracted to a US Dept. of Defense agency. When they were doing a big security push, they didn't have any IIS or SQL Server "experts/gurus." I'm no self-proclaimed expert, but because I was familiar with both thanks to my MCDBA cert, I was tasked with locking them down. In the last few months, I've learned quite a bit about security on these two systems. The military bases their security off the specifications created by a group of software companies & govt agencies such as Microsoft, Sun, IBM, HP, CIA, and the NSA. There's a gold & platinum standard. These standards are used by many of the people in the private sector... the military uses the platinum standard. What is the point of this posting? I was thinking about writing a few articles based on this security. Would this be something of interest to others? -AC
Andrew Connell wrote: Would this be something of interest to others?

Hell yes! :-D We can either just carry on moaning about IIS security or we can learn how to lock it down as is needed. A systematic article on locking down IIS and SQL would be very useful, especially if it comes from real world experience and not just theoretical pondering :)
Paul Watson
Bluegrass
Cape Town, South Africa
Ray Cassick wrote:
Well I am not female, not gay and I am not Paul Watson