Everyone knows that IIS security is always worrying. How to use IIS to build a secure Web server is a concern of many people. Today, let's get to know what is important to ensure IIS security.
IIS servers are closely integrated with Windows NT servers. This ensures that network administrators and application developers have the same security, network, and management functions as Windows NT servers. In addition to familiar Windows NT server tools and functions, the IIS server also has some built-in functions that can help you manage Secure Web sites, develop and configure Server-Intensive Web applications.
1. Delete unnecessary virtual directories for IIS Security Configuration
After IIS is installed, some directories are generated by default under wwwroot, including IISHelp, IISAdmin, IISSamples, and MSADC. These directories have no practical effect and can be deleted directly.
2. For IIS security configuration, You need to delete dangerous IIS components.
Some IIS components installed by default may cause security threats, such as Internet Service Manager (HTML), SMTP Service, NNTP Service, Sample Page, and script, you can decide whether to delete the file based on your needs.
3. For IIS security configuration, you need to set permissions for file categories in IIS
In addition to setting necessary permissions for IIS files in the operating system, you must also set permissions for these files in the IIS manager. A good setting policy is to create directories for different types of files on the Web site and assign them appropriate permissions. For example, static file folders allow reading and writing, ASP script folders allow execution, writing and reading, EXE, and other executable programs allow execution and read/write rejection.
Here, we will first explain the key points of attention for the three configuration points, and hope you will continue to pay attention to us.