Here we provide 15 protection techniques to help IIS administrators protect Web servers at very low cost. Before discussing them, however, we should first develop a set of security policies.

The first step in protecting Web servers is to ensure that the network administrator understands every rule in the security policy. If top management does not regard server security as an asset that must be protected, the protection work is completely meaningless. This work requires long-term effort. If it has no budget support or is not part of a long-term IT strategy, administrators who spend a lot of time protecting servers will not receive significant support from management.

What is the direct result of a network administrator setting up security for various resources? Some especially adventurous users will be locked out. Those users will then complain to the company's management, and management will ask the network administrator what happened. The network administrator then cannot produce a document to support the security work, and a conflict results.

With a security policy that states the security level and availability required of the Web servers, network administrators can readily deploy various software tools on different operating systems.

Microsoft products have always been a target of attacks, so IIS servers are especially vulnerable. Knowing this, the network administrator must be prepared to carry out a large number of security measures. The list below should be very useful to server operators.

1. Keep Windows updated

Apply all updates and patches to the system promptly. Consider downloading all updates to a dedicated server on your network and publishing the files from that server over the web. That way your Web server does not have to accept direct Internet access.

2. Use IIS prevention tools

This tool has many practical advantages.
However, please use it with caution. If your Web server interacts with other servers, test the prevention tool first to make sure it is configured correctly and does not affect communication between the Web server and those other servers.

3. Remove the default Web site

Many attackers target the inetpub folder and place attack tools in it, paralyzing the server. The easiest way to prevent this attack is to disable the default site in IIS. Then, because worms reach your Web site by IP address (they may probe thousands of IP addresses a day), their requests may run into trouble. Point your real Web site to a folder on a back partition, and make sure that folder has secure NTFS permissions (detailed in the NTFS section below).

4. If you do not need FTP or SMTP services, uninstall them

The simplest way to access a computer is through FTP. FTP itself is designed for simple read/write access. If you authenticate, your user name and password are transmitted over the network in plaintext. SMTP is another service that allows write access to folders. By disabling these two services, you can avoid more hacker attacks.

5. Check your Administrators group and services regularly

If a user has been added to the Administrators group, someone has successfully entered your system, and he or she may plant a bomb in it that suddenly destroys the entire system or takes up a large amount of bandwidth for the hacker's use. Hackers also tend to leave a helper service behind. Once this happens, it may be too late to take any measures: you can only reformat your disk and recover your daily backup files from the backup server. Therefore, make it a daily task to check the service list on the IIS server and keep as few services as possible. You should remember which services should exist and which should not.
The Windows 2000 Resource Kit gives us a program called tlist.exe, which can list the services running under each instance of svchost. Run this program to find hidden services you would want to know about. Tip: any service whose name contains the word "daemon" is probably not part of Windows and should not exist on the IIS server.

6. Strictly control write access to the server

This may sound very easy. However, a Web server actually has many "authors", and folders on the server may have extremely dangerous access permissions. One way to share or distribute this information is to install a second server dedicated to sharing and storage, and then configure your Web server to point to the shared server. This step allows the network administrator to restrict write permissions on the Web server to members of the Administrators group only.

7. Set complex passwords

If a user has a weak password (such as "password", "changeme", or any dictionary word), hackers can quickly and easily break into that user account.

8. Reduce or eliminate sharing on Web servers

If the network administrator is the only person with write permissions on the Web server, there is no reason to share the data. Shares are the greatest temptation for hackers. In addition, by running a simple looping batch file, a hacker can go through a list of IP addresses and use the \\ command to find shares with Everyone/Full Control permissions.

9. Disable NetBIOS in TCP/IP

This is a harsh measure. Many users want to access the Web server through a UNC path name, and with NetBIOS disabled they cannot do so. On the other hand, with NetBIOS disabled, hackers cannot view resources on your LAN. This is a double-edged sword. If the network administrator deploys this measure, the next step is to teach Web users how to publish information once NetBIOS is unavailable.

10. TCP port blocking

This is another harsh measure.
If you know every TCP port that is used to access your server for legitimate reasons, you can go to the Properties tab of your network interface card, select the bound TCP/IP protocol, and block all the ports you do not need. Be careful with this measure, because you do not want to lock yourself out of the Web server, especially when you need to log on to the server remotely.

11. Carefully check *.bat and *.exe files

Search for *.bat and *.exe files once a week to check whether the server holds any file that is a hacker's favorite and a nightmare for you. Some of these destructive files may be *.reg files. If you right-click one and select Edit, you may find that hackers created it and used it to gain access to your system's registry. You can delete any such keys that make no sense but make things easier for intruders.

12. Manage IIS Directory Security

IIS Directory Security allows you to deny specific IP addresses, subnets, and even domain names. You can also choose a piece of software called WhosOn, which shows you which IP addresses are attempting to access specific files on the server. WhosOn lists a series of exceptions. If you find that a user is trying to upload your cmd.exe, you can choose to deny that user access to the Web server. Of course, on a busy Web site this may require a full-time employee. On an intranet, however, it is a very useful tool. You can provide resources to all users on the LAN or to specific users.

13. Use NTFS security

By default, your NTFS drives use Everyone/Full Control permissions unless you turn them off manually. The key is not to lock yourself out. Different people need different permissions: administrators need full control, backend accounts need full control, and each system and service requires a certain level of access, depending on the files involved. The most important folder is system32. The smaller the ACL for this folder, the better.
Using NTFS permissions on Web servers helps you protect important files and applications.

14. Manage user accounts

If you have already installed IIS, you may have a TsInternetUser account. Unless you really need this account, you should disable it. This account is easily compromised and is a notable target for hackers. To help manage user accounts, make sure your Local Security Policy is correct. The permissions of the IUSR user should be as small as possible.

15. Audit your Web server

Auditing has a large impact on the performance of your computer, so if you are not going to review the results frequently, do not enable it. If you will use it, audit system events and add further auditing as needed. If you are using the WhosOn tool mentioned above, auditing is less important. By default, IIS always records access, and WhosOn places these records in a very easy-to-read database that you can open with Access or Excel. If you review the exceptions database often, you can find the server's vulnerabilities at any time.

Summary

All of the above IIS techniques and tools (except WhosOn) are provided by Windows. Remember to apply them one at a time, testing your Web site's accessibility after each one. If you deploy them all together, you may suffer heavy losses: a restart may be needed, and you may lose access.
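For tips 12 and 15, the following is an added example (not part of the original article and not WhosOn's code) that reads the access log IIS keeps by default and lists the client IP addresses whose requests reference cmd.exe, as candidates for a Directory Security deny entry. The sample log lines are constructed, and the function names and the `WATCHED` list are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in IIS W3C extended log format (documentation IP ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-09-18 10:01:02 192.0.2.10 GET /index.html - 200
2001-09-18 10:01:05 198.51.100.7 GET /scripts/cmd.exe - 404
2001-09-18 10:01:06 198.51.100.7 GET /scripts/CMD.EXE - 404
2001-09-18 10:02:11 192.0.2.10 GET /images/logo.gif - 304
2001-09-18 10:03:40 203.0.113.5 GET /scripts/cm%2564.exe - 200
"""

WATCHED = ("cmd.exe",)  # the file name the article singles out; extend as needed

def parse_w3c(text):
    """Yield one dict per request, keyed by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def normalise(uri, rounds=3):
    """Undo repeated percent-encoding and upper-casing before matching."""
    for _ in range(rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri.lower()

def flag_clients(text, watched=WATCHED):
    """Map client IP -> list of (date, time, status, raw URI) for watched names."""
    hits = defaultdict(list)
    for rec in parse_w3c(text):
        raw = rec.get("cs-uri-stem", "") + "?" + rec.get("cs-uri-query", "")
        if any(name in normalise(raw) for name in watched):
            hits[rec.get("c-ip", "?")].append(
                (rec.get("date"), rec.get("time"), rec.get("sc-status", "?"), raw))
    return dict(hits)

def served_clients(hits):
    """Clients that received a 2xx answer to a flagged request: review first."""
    return sorted(ip for ip, rows in hits.items()
                  if any(status.startswith("2") for _, _, status, _ in rows))
```

A flagged request answered with a 2xx status means the server actually served it, so those clients deserve attention before the ones that only collected 404s.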
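For the weekly search in tip 11, the following is an added example (not part of the original article) that records a hash baseline of every .bat, .exe and .reg file under a content root and reports which ones are new, changed or removed at the next sweep. The function names and the demo tree are assumptions; the demo builds a constructed directory in a temporary folder.

```python
import hashlib
import os
import tempfile

WATCHED_EXT = {".bat", ".exe", ".reg"}  # the file types tip 11 names

def snapshot(root):
    """Map relative path -> SHA-256 for every watched file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in WATCHED_EXT:
                full = os.path.join(dirpath, name)
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                result[rel] = digest
    return result

def sweep_diff(baseline, current):
    """Compare two snapshots; anything listed here needs an explanation."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in current
                          if p in baseline and current[p] != baseline[p]),
    }

def demo():
    """Build a constructed content tree, baseline it, alter it, then diff."""
    with tempfile.TemporaryDirectory() as root:
        def put(rel, data):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        put("scripts/backup.bat", b"@echo off\r\n")
        put("index.html", b"<html></html>")
        baseline = snapshot(root)
        put("scripts/backup.bat", b"@echo off\r\nrem edited\r\n")  # modified
        put("images/logo.EXE", b"MZ constructed")  # new, upper-case extension
        put("notes.txt", b"not a watched type")
        return sweep_diff(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Store the baseline somewhere other than the Web server itself, so that whoever altered the files cannot also alter the record they are compared against.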