ONLamp.com: Top Ten Tips to Make Attacker’s Lives Hell

ONLamp.com: Top Ten Tips to Make Attacker’s Lives Hell

Good stuff here. Articles like this often lack practical implementation info, but this gives you some specifics to follow. One app it mentions that I wasn’t aware of is URLScan, a free tool from MS to filter server requests. Not that I’d ever use a MS Server for anything that the public could access, but if you must, this seems like a requirement for your IIS box.