Security

Auditing Access with IIS 5.0 Logs

You can use IIS 5.0 logs in order to track access to your server. Logging is very flexible and can be used in conjunction with a log file analysis tool (such as WebTrends from http://www.webtrends.coma) to detect suspicious activity such as:

• Multiple failed commands, especially to the /Scripts directory, or to another directory configured for executable files.
• Attempts to upload files to the /Script directory, or to another directory configured for executable files.
• Attempts to access .bat, .exe or .cmd files and subvert their purpose.
• Attempts to send .bat or .cmd commands to the /Scripts directory, or to another directory configured for executable files.
• Excessive requests from a single IP address attempting to overload or cause a denial­of-service attack.

For more information about logging, see “Monitoring and Tuning Your Server” in this book.

See the following:

Useful IIS Admin Objects/ADSI Security Settings

© 1997-1999 Microsoft Corporation. All rights reserved.