Protect IIS with the 10 steps below.

1. Set up an NTFS drive dedicated to IIS applications and data. If possible, do not allow IUSR (or any other anonymous user name) to access any other drive. If an application fails because the anonymous user cannot access a program on another drive, immediately use Sysinternals' Filemon to find out which file is inaccessible, and then move the program to the IIS drive. If that is not possible, allow IUSR access to that file only.

2. Set NTFS permissions on the drive:
Developers = Full (all permissions)
IUSR = Read and Execute only
System and Admin = Full (all permissions)

3. Use a software firewall to verify that no end user has access to ports other than port 80 on the IIS computer.

4. Lock down the computer with the Microsoft tools IIS Lockdown and URLScan.

5. Enable the IIS event log. In addition to the IIS event log, enable event logging on the firewall if possible.

6. Move the log files out of the default storage location and make sure that they are backed up. Create a duplicate copy of the log files so that a copy is available in a second location.

7. Enable Windows auditing on the computer, because there is never enough data when trying to trace an attacker's behavior. It is even possible to have a script review the audit log for suspicious behavior and then send a report to the administrator. This may sound a bit extreme, but it's the best option if security is important to your organization. Set up auditing to report any failed account logon. Also, as with the IIS log files, change the default storage location (C:\winnt\system32\config\secevent.log) to another location and make sure it has a backup and a duplicate copy.

8. In general, do your best to find articles on security (from different places) and follow them in practice. On IIS and security practices they usually say something better than what you know, and don't just believe what other people (like me) tell you.

9. Subscribe to an IIS defect mailing list and keep up with it. One such list is the X-Force Alerts and Advisories from Internet Security Systems.

10. Finally, make sure that you update Windows regularly, and verify that each patch was installed successfully.

Responsible editor: Zhao Zhaoyi
Original title: Simple ten steps to protect IIS Web server security
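The failed-logon report that step 7 calls for could look like the following PowerShell script. It is an added example, not part of the original article; it assumes a current Windows Server on which failed logons are recorded as Security event ID 4625, an elevated session, and illustrative values for the look-back window and threshold.

```powershell
# Added example for step 7: summarize failed logons from the Security log.
# Assumptions: failed logons are event ID 4625; run from an elevated session.
# $Hours and $Threshold are illustrative defaults, not values from the article.
param(
    [int]$Hours = 24,
    [int]$Threshold = 5
)

# Return one named <Data> field from an event's XML (empty fields return $null).
function Get-EventField {
    param([xml]$Xml, [string]$Name)
    ($Xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

$filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }

# Get-WinEvent raises an error when nothing matches, so suppress it and
# treat "no events" as an empty result.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$failures = foreach ($e in $events) {
    $xml = [xml]$e.ToXml()
    [pscustomobject]@{
        Time    = $e.TimeCreated
        Account = Get-EventField $xml 'TargetUserName'
        Source  = Get-EventField $xml 'IpAddress'
        Type    = Get-EventField $xml 'LogonType'
    }
}

# Group by account and source address; report only pairs at or above the threshold.
$report = $failures |
    Group-Object Account, Source |
    Where-Object { $_.Count -ge $Threshold } |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{ n = 'Account'; e = { $_.Group[0].Account } },
        @{ n = 'Source';  e = { $_.Group[0].Source } },
        @{ n = 'First';   e = { ($_.Group.Time | Measure-Object -Minimum).Minimum } },
        @{ n = 'Last';    e = { ($_.Group.Time | Measure-Object -Maximum).Maximum } }

if ($report) {
    $report | Format-Table -AutoSize
} else {
    "No account/source pair reached $Threshold failed logons in the last $Hours hours."
}
```

Run it from a scheduled task and redirect the output to a file on the relocated log drive so the report is kept alongside the backed-up logs.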