Three methods to ensure IIS security

Ensure IIS security

IIS secure installation

To build a secure IIS server, you must fully consider the security issues during installation.

1. Do not install IIS on the system partition.

2. Modify the default installation path of IIS.

3. Install the latest patches for Windows and IIS.

IIS Security Configuration

1. Delete unnecessary virtual directories

After IIS is installed, some directories are generated by default under wwwroot, including IISHelp, IISAdmin, IISSamples, and MSADC. These directories have no practical effect and can be deleted directly.

2. Delete dangerous IIS Components

Some IIS components installed by default may cause security threats, such as Internet Service Manager (HTML), SMTP Service, NNTP Service, Sample Page, and script, you can decide whether to delete the file based on your needs.

3. Set permissions for file categories in IIS

In addition to setting necessary permissions for IIS files in the operating system, you must also set permissions for these files in the IIS manager. A good setting policy is to create directories for different types of files on the Web site and assign them appropriate permissions. For example, static file folders allow reading and writing, ASP script folders allow execution, writing and reading, EXE, and other executable programs allow execution and read/write rejection.

4. Delete unnecessary application mappings

By default, many application mappings exist in ISS. Except for the ASP program ing, other files are rarely used on websites.

In "Internet Service Manager", right-click the website directory and select "properties". On the "home directory" page of the "website directory properties" dialog box, click the [configuration] button, the "application configuration" dialog box is displayed. On the "Application ing" Page, useless program ing is deleted. If you need this type of file, you must install the latest system patch, select the corresponding program ing, and then click the [edit] button, in the "Add/edit application extension ing" dialog box, select the "check whether a file exists" option. In this way, when the customer requests such files, IIS will first check whether the files exist and then call the dynamic link library defined in the program ing for parsing.

5. Log Security Protection

Logs are an important part of the system security policy, ensuring the security of logs can effectively improve the overall security of the system.

● Modify the path for storing IIS logs

By default, IIS logs are stored in % WinDir % System32LogFiles, which is clear to hackers. Therefore, you are advised to modify the storage path. In "Internet Service Manager", right-click the website directory and select "properties". On the "Web site" page in the "website directory properties" dialog box, when "Enable Logging" is selected, click the [attribute] button next to it. On the "general attributes" page, click the [browse] button or enter the log storage path in the input box.

● Modify the Log Access permission and set that only the administrator can access the log.

With some of the above security settings, we believe your Web server will be much safer.