Describes in detail how to achieve IIS Security Configuration

Source: Internet
Author: User

Everyone knows that IIS security is always worrying. How to use IIS to build a secure Web server is a concern of many people. Today, let's get to know what is important to ensure IIS security.

IIS servers are closely integrated with Windows NT servers. This ensures that network administrators and application developers have the same security, network, and management functions as Windows NT servers. In addition to familiar Windows NT server tools and functions, the IIS server also has some built-in functions that can help you manage Secure Web sites, develop and configure Server-Intensive Web applications.

1. Delete unnecessary virtual directories for IIS Security Configuration

After IIS is installed, some directories are generated by default under wwwroot, including IISHelp, IISAdmin, IISSamples, and MSADC. These directories have no practical effect and can be deleted directly.

2. For IIS security configuration, You need to delete dangerous IIS components.

Some IIS components installed by default may cause security threats, such as Internet Service Manager (HTML), SMTP Service, NNTP Service, Sample Page, and script, you can decide whether to delete the file based on your needs.

3. For IIS security configuration, you need to set permissions for file categories in IIS

In addition to setting necessary permissions for IIS files in the operating system, you must also set permissions for these files in the IIS manager. A good setting policy is to create directories for different types of files on the Web site and assign them appropriate permissions. For example, static file folders allow reading and writing, ASP script folders allow execution, writing and reading, EXE, and other executable programs allow execution and read/write rejection.

Here, we will first explain the key points of attention for the three configuration points, and hope you will continue to pay attention to us.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.