Is Microsoft IIS really so "unsafe"? (2)

Source: Internet
Author: User
Many companies configure their Windows 2000-based web servers in two steps: (1) install IIS 5.0, (2) never touch it again. If that is the case, why not add a third step: pray.

In the trade-off between security and accessibility/usability, Microsoft is generally considered to have leaned toward the latter with IIS 5.0. Alexandra Nosratinia, a senior information security engineer at Data Return Corporation, says that the graphical user interface (GUI) of IIS makes managing the server and resolving problems easier, and that the site is very fast compared to servers such as Apache. With the IIS graphical user interface, you may not even need expert help. But be aware that a system that is easy to use is not necessarily a secure system.

If you keep the default configuration for IIS, you are asking for trouble. While it is your responsibility to enhance security, Microsoft has provided enough information to help you.

Start with the Microsoft IIS 5.0 Security Checklist. It contains a number of easy-to-understand steps that help protect Windows 2000 family web servers from most attacks. The checklist covers the following practical topics:

Configure an IPSec policy to protect the server in case intruders break through the firewall.
Protect the Telnet server by restricting the users who can access it.
Set appropriate access controls on the server's virtual directories.
Enable logging, and set appropriate permissions on the log files.
Where appropriate, set IP address and DNS address restrictions.
Update the root CA certificates on the web server.
Remove all the sample applications in IIS.
Remove all unnecessary COM components, such as File System Object.
After upgrading from IIS 4.0, remove the IISADMPWD virtual directory.
Remove unused script mappings, such as IDC or HTR.
Check form input in ASP code to prevent malicious input.
Disable the Parent Paths option in IIS 5.0.
Disable the address in the Content-Location header to avoid revealing it.
If you are familiar with the similar checklist provided for IIS 4.0, you will notice that the IIS 5.0 version is a lot shorter. This is because Microsoft has moved many of the settings from the IIS 4.0 checklist into the new Hisecweb.inf security template prepared for Windows 2000. Download the template and use it on your server. In addition, many of the configurations recommended in the IIS 4.0 checklist are now the defaults in IIS 5.0.
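
The following sketch checks three of the checklist items above (the IISADMPWD virtual directory, the IDC/HTR script mappings, and Parent Paths) against a snapshot of server settings. It is an added example, not part of the original article or of Microsoft's checklist; the `settings` dictionary layout, its key names and the sample values are constructed for illustration, and script mappings are assumed to be written as `extension,executable,flags,verbs` strings.

```python
# Added example: audits exported IIS 5.0 settings against three checklist items.
# The dict layout and its key names are hypothetical; sample data is constructed.
RISKY_EXTENSIONS = {".idc", ".htr"}  # the two script mappings the checklist names

def parse_script_map(entry):
    """Split an 'ext,executable,flags,verbs' mapping into (ext, executable)."""
    parts = [p.strip() for p in entry.split(",")]
    if len(parts) < 2 or not parts[0].startswith("."):
        raise ValueError(f"malformed script mapping: {entry!r}")
    return parts[0].lower(), parts[1]

def audit(settings):
    """Return a list of findings; an empty list means all three checks pass."""
    findings = []
    for vdir in settings.get("vdirs", []):
        # Compare the last path segment case-insensitively.
        if vdir.strip("/").split("/")[-1].lower() == "iisadmpwd":
            findings.append(f"virtual directory {vdir} should be removed")
    for entry in settings.get("script_maps", []):
        try:
            ext, exe = parse_script_map(entry)
        except ValueError as err:
            findings.append(str(err))  # report unparseable entries, do not skip them
            continue
        if ext in RISKY_EXTENSIONS:
            findings.append(f"script mapping {ext} -> {exe} should be removed if unused")
    # A missing value is treated as enabled so that the gap is reported.
    if settings.get("parent_paths", True):
        findings.append("Parent Paths is enabled")
    return findings

# Constructed sample: a server upgraded from IIS 4.0 and left at its defaults.
SAMPLE = {
    "vdirs": ["/", "/Scripts", "/IISADMPWD"],
    "script_maps": [
        r".asp,C:\WINNT\System32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE",
        r".htr,C:\WINNT\System32\inetsrv\ism.dll,1,GET,POST",
        r".IDC,C:\WINNT\System32\inetsrv\httpodbc.dll,1,GET,POST",
    ],
    "parent_paths": True,
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```
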

