views:

789

answers:

3

There are a few questions about configuring Apache for local development, such as this one, but I didn't see anything about IIS. Suggestions for locking down IIS without crippling its functionality?

In response to a comment, I'm looking to do ASP.NET development using the IIS server that comes with Windows XP Pro SP3 (IIS 5 or 6, I believe).

A: 

If you're using Visual Studio .NET 2008 (or 2005) they have a built-in Web Server that will only respond to localhost requests... No need to install IIS. How about that for lock-down? ;-)

Giorgio Galante
+1  A: 

If you are using Visual Studio for ASP.NET development you don't need to use IIS. The default configuration for Web Projects is to use the built-in Web server, webDev.WebServer.EXE.

The version of IIS in XP isn't well suited for development as it is connection throttled and allows only one site.

duckworth
I find branching extremely annoying with vs2003 for that reason.
Haoest
A: 

The IIS that comes with XP is 5.0 and limits the number of concurrent connections to 10 (I think; something low).

Lock Down:

For IIS development I don't think you should worry too much about security for local development as long as you trust the people on your network and you are not exposed to the internet.

But if you are really paranoid, the best method would be to lock it out against everyone besides the person on that machine. As Odividiu said (first answer), you can set your IIS to only listen to requests coming from the local machine (127.0.0.1). You can do this by:

1) start->run->%SystemRoot%\system32\inetsrv\iis.msc
2) Click the 'Default Web Site'
3) Action->Properties
4) Change 'IP Address' to '127.0.0.1' and click 'Apply'.

Klathzazt
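
A way to confirm that the binding change in the steps above took effect, as an added example that is not part of the answer: it parses Windows `netstat -an` output and reports any address other than loopback that is still listening on the web port. The sample text, the function names and the port-80 default are assumptions made for illustration, and running it live assumes Python 3 is installed on the machine.

```python
import ipaddress
import subprocess

# Constructed samples of Windows `netstat -an` output (not captured from a real host).
SAMPLE_BEFORE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      192.168.1.20:80        ESTABLISHED
"""
SAMPLE_AFTER = """\
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:80           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
"""


def listeners(netstat_text, port):
    """Return the local addresses that have a TCP socket LISTENING on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Expected columns: Proto, Local Address, Foreign Address, State
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue
        host, _, local_port = fields[1].rpartition(":")
        if local_port == str(port):
            found.append(host.strip("[]"))  # IPv6 is printed as [addr]:port
    return found


def exposed(netstat_text, port=80):
    """Return listening addresses on `port` that other machines can reach."""
    bad = []
    for host in listeners(netstat_text, port):
        addr = ipaddress.ip_address(host.split("%")[0])  # drop any IPv6 zone id
        if not addr.is_loopback:  # 0.0.0.0 means every interface, so it counts
            bad.append(host)
    return bad


if __name__ == "__main__":
    live = subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout
    print("Non-loopback listeners on port 80:", exposed(live) or "none")
```

If the result still lists `0.0.0.0` after the change, the server is accepting connections on every interface and the IP Address setting alone has not restricted it.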