Urlscan Security Tool
Urlscan is a powerful security tool that works in conjunction with the IIS Lockdown Tool to give IIS Web site administrators the ability to turn off unneeded features and restrict the kind of HTTP requests that the server will process.
IIS Lockdown Wizard
Software works by turning off unnecessary features thereby reducing attack surface available to attackers.
From Blueprint to Fortress: A Guide to Securing IIS 5.0
A blueprint for administrators and system architects to secure a Microsoft® Internet Information Server (IIS) 5.0 Web server.
Manage Security of Your Windows IIS Web Services
Microsoft Consulting Services web server best practices.
Rain Forest Puppy: IIS %c1%1c Bug
Security advisory describing how the use of overly-long UNICODE representations for '/' and '\' can allow an attacker to run arbitrary commands on IIS v. 4 and 5 (Win 2000).
Enabling SSL in IIS on Windows XP Professional
This article describes steps one may take to create a test certificate that allows one to enable SSL on IIS under Windows XP Professional.
Secure Internet Information Services 5 Checklist
Recommendations and best practices to secure a server on the Web running Microsoft Windows 2000 and Internet Information Services (IIS) 5.