Knowledge about IIS server security

Source: Internet
Author: User

Most Web sites are designed to give visitors instant access to information in the most acceptable way. By making security policies that cover both the security level and the availability of the IIS server, the network administrator can easily deploy various software tools on different operating systems.

If you do not need the FTP and SMTP services, uninstall them:

The simplest way to get into a computer is through FTP. FTP itself is designed for simple read/write access. If you authenticate over FTP, your user name and password are transmitted over the network in plaintext. SMTP is another service that allows write access to folders. By disabling these two services, you can avoid more hacker attacks.

Check your administrator group and services regularly:

One day I entered our classroom and found that there was another user in the Administrator group. This means that someone has successfully entered your system, and he or she may drop a bomb into it that will suddenly destroy your entire system; alternatively, hackers can use up a large amount of bandwidth.

Hackers also tend to leave a helper service behind. Once this happens, it may be too late to take any measures: you can only reformat your disk and recover your daily backup files from the backup IIS server. Therefore, make it a daily task to check the service list on the IIS server and to keep as few services running as possible.

You should remember which services should exist and which should not. The Windows 2000 Resource Kit provides a program called tlist.exe, which can list the services that run under each instance of svchost.

Run this program to find hidden services you would want to know about. Note that any service whose name contains the word "daemon" is probably not part of Windows and should not exist on the IIS server.
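The daily check described above can be scripted. The following PowerShell is an added example, not code from the original article: it compares the local Administrators group and the running services against a baseline and reports whether each unexpected service is hosted in svchost (the view tlist.exe gave on Windows 2000). The function names are hypothetical and the baseline lists are constructed sample values that must be replaced with what your own server should contain.

```powershell
# Constructed sample baselines: replace with the accounts and services
# that are supposed to exist on your IIS server.
$AllowedAdmins   = @("$env:COMPUTERNAME\Administrator", 'EXAMPLE\Domain Admins')
$AllowedServices = @('W3SVC', 'WAS', 'EventLog', 'Dnscache', 'RpcSs', 'LanmanServer')

function Get-UnexpectedAdmin {
    param([string[]]$Allowed)
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup also works on non-English installations.
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Where-Object { $Allowed -notcontains $_.Name } |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Get-UnexpectedService {
    param([string[]]$Allowed)
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.State -eq 'Running' } |
        ForEach-Object {
            $reasons = @()
            if ($Allowed -notcontains $_.Name) { $reasons += 'not in baseline' }
            # The article's rule of thumb: "daemon" in a service name is suspicious.
            if ("$($_.Name) $($_.DisplayName)" -match 'daemon') {
                $reasons += 'name contains "daemon"'
            }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Name            = $_.Name
                    DisplayName     = $_.DisplayName
                    ProcessId       = $_.ProcessId
                    HostedInSvchost = ($_.PathName -match 'svchost\.exe')
                    PathName        = $_.PathName
                    Reasons         = $reasons -join '; '
                }
            }
        }
}

$admins   = @(Get-UnexpectedAdmin   -Allowed $AllowedAdmins)
$services = @(Get-UnexpectedService -Allowed $AllowedServices)

$admins   | Format-Table -AutoSize
$services | Sort-Object HostedInSvchost -Descending |
    Format-Table Name, ProcessId, HostedInSvchost, Reasons -AutoSize

# A non-zero exit code lets a scheduled task or monitoring job raise an alert.
if ($admins.Count -gt 0 -or $services.Count -gt 0) { exit 1 }
```

Run it from an elevated prompt on a server in a known-good state first, and use that output to build the real baseline lists.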

Strictly control the write access permissions of the IIS server:

This sounds easy. However, on a college campus, a Web server actually has many "authors." Faculty members all want their classroom information to be accessible to remote students. Employees want to share their work information with other employees.

Folders on the IIS server may have extremely dangerous access permissions. One way to share or distribute this information is to install a second server dedicated to sharing and storage, and then configure your Web server to point to that shared server. This step allows the network administrator to restrict write permission on the Web server to the Administrator group only.
