1510 talking about IIS security mechanism

As one of today's popular Web servers, IIS (Internet Information Server) provides powerful Internet and intranet service capabilities. How to strengthen the security mechanism of IIS and establish a reliable Web server with high security performance has become an important part of network management.

Based on the Windows NT security mechanism

1. Apply the NTFS file system

The NTFS file system can manage files and directories, and the FAT file system provides only shared-level security, while Windows NT security is built on the NTFS file system, so it is best to use the NTFS file system when installing Windows NT. Otherwise, the NT security mechanism will not be established.

2. Change of Share permissions

By default, everyone has a "Full Control" share permission for each new share created, so you should modify the default permissions for everyone immediately after a new share is established.

3. Rename the system administrator account

Although the domain User Manager can limit the number of guessing passwords, but the system administrator account (Adminstrator) can not be limited, which may give illegal users to attack the Administrator account password opportunities, through the domain User Manager to rename the Administrator account is a good way. The specific settings are as follows:

Select "Start" menu → "program" → start "domain User Manager" → select "Administrator account (adminstrator)" → select "User" menu → "rename", modify it.

4. Cancel the NetBIOS bindings on TCP/IP

An NT system administrator can manage the Internet or other servers on an intranet by constructing an image between the target station's NetBIOS name and its IP address, but illegal users can also find an opportunity to do so. If this remote administration is not required, it should be canceled immediately (through the binding options for network properties to remove the binding between NetBIOS and TCP/IP).

To set the security mechanism for IIS

1. Safety issues to be noted when installing