Tools to improve IIS server security

The IIS server can be used independently as a Web server or together with compatible tools, it can be used to establish Internet business, access and operate data from different data sources, and create Web applications. These applications use server scripts and component code to complete some client-server functions.

To improve the security of IIS servers, Microsoft provides two tools: IIS Lockdown and URLScan. IIS Lockdown 2.1 contains URLScan.

IIS Lockdown 2.1 has the following functions:

(1) Disable or delete unnecessary IIS server services and components.

(2) modify the default configuration to improve the security of system files and Web content directories.

(3) Use URLScan to filter HTTP requests.

Let's learn how to use the first two functions of the IIS server Lockdown 2.1. Note that the instructions in this article are for the IIS server Lockdown 2.1. the usage of previous versions is very different.

Notes

The IIS server Lockdown may change the running mode of the IIS server, so it is likely to conflict with applications that depend on some functions of the IIS server. In particular, be careful when installing IIS Server Lockdown and URLScan on a Server that runs Microsoft Exchange 2000 Server, Exchange Server 5.5, or Microsoft SharePoint Portal Server.

Microsoft's two articles explain possible difficulties and solutions: XADM: http://support.microsoft.com/default.aspx for using the known issues and adjustment policies of the IIS server Lockdown Wizard in an Exchange 2000 environment? Scid = kb; en-us; q309677), and SPS: How does the IIS Server Lockdown Tool affect the SharePoint Portal Server http://support.microsoft.com/default.aspx? Scid = kb; en-us; q309675 ).

In addition, before the official application of the IIS server Lockdown or URLScan, you must search the Microsoft Knowledge Base to collect the latest information that may cause problems.

After understanding the information and the suggestions, install the IIS server Lockdown on the test server to fully test whether the IIS server functions required by Web applications are affected. Finally, make a comprehensive system backup so that the system can be quickly restored when the system functions are seriously affected.