Instructions for strengthening IIS servers

To provide comprehensive security protection for Web servers and applications in the organization's company's Intranet, every Microsoft Internet Information Service Server (IIS server) should be protected) and each Web site and application running on these servers is not infringed on the client computers that can connect to them.

In addition, the Web sites and applications running on all these IIS servers should be protected against the Web sites and applications running on other IIS servers on the company Intranet.

To take the initiative to resist malicious users and attackers, IIS is not installed on Windows Server 2003 by default. IIS was initially installed in highly secure lock mode.

For example, by default, IIS initially only provides static content. Such as Active Server Pages (ASP), ASP. NET, Server end including (SSI), Web Distributed Authoring and Versioning (WebDAV), and Microsoft FrontPage®Server Extensions and other functions only take effect after the Administrator enables them.

You can use the Web Service Extension node in Internet Information Service Manager IIS manager to enable these functions and services.

The IIS manager has a graphical user interface (GUI) for convenient management of IIS. It includes resources for file and directory management, can be configured on the application pool, and has many security, performance, and reliability features.

We should understand various security enhancement settings and execute these settings to enhance the security of IIS servers that store HTML content on the company Intranet. However, to ensure that the IIS server is always in a secure state, you should also perform security monitoring, detection, and response steps.