Fog Creek Software
Discussion Board




what's safe to lockdown?

In September, we were concerned about the Code Red virus and others, so we applied the IIS Lockdown tool Microsoft provides. At the same time, the project in which we were using FOgbugz went "on holiday".

We need to use Fogbugz again, and after some futzing (e.g. to disable the NAV script blocking and to undo the IIS lockdown), it seems to work well.

However, I'd like to lockdown as much as possible. What's safe to lockdown, and what do I have to leave running?

Christoph Berendes
Wednesday, January 30, 2002

I'm not sure what the lockdown tool does, but here's some pointers...

One is stop the SMTP server and FTP server.
Two is to set IIS so it denies access to anyone not in your subnet (IP restrictions).

Michael H. Pryor
Wednesday, January 30, 2002

By "safe", I meant "how much can I lockdown and still have Fogbugz run happily"?

It wasn't happy when I locked down everything, or everything except for ASP pages...

Christoph Berendes
Wednesday, January 30, 2002

I think the tool might prevent IUSR_Machine from accessing the hard drive. In that case you can click on properties for fogbugz in the internet services manager.  Go to Directory Security.  Click Edit under anonymous access.  Click edit again.  Set this to a real user that has permissions to write to the disk AND permissions to access your SQL server and the fogbugz database if you are using SQL server.

Michael H. Pryor
Friday, February 01, 2002

*  Recent Topics

*  Fog Creek Home