Is Microsoft IIS really so "unsafe"? (3)

This list of IIS 5.0 does not mention several other measures that can be used to protect any computer connected to the network. These measures are very basic, but often overlooked:

Cancel the "netbios over tcp/ip" setting at least on the transmitter (adapter) connected to the network.

Do not bind client and server-side services on the same adapter TCP/IP.

The more services are stopped on the server the better. Services that can be considered for deactivation include: Alerter, ClipBook server, DHCP client, Directory Replicator, FTP Publishing Service, License Logging service, Messen GER, Netlogon, network dde, network DDE DDM, network Monitor, remote Access Server, remote Procedure call Locator, Schedul e Server, Simple Services, Spooler, TCP/IP NetBIOS Helper, and telephone Service.

The use of good user management, adhere to the use of a secure password (strong password), remove such as "guest" and other useless accounts, the rights of anyone to control.

Nosratinia offers another less common recommendation. First, she recommends deleting the "administrator" account (or removing it from all team members forms) and creating a new administrator account with a rare name (odd name). She also recommends using the Encrypting File System for all online content (Encrypted file system,efs), so that even if an intruder can paralyze the system, it can at least prevent them from changing the content of the site.

Unlike the traditional practice of assigning permissions to a consumer group (group), Nosratinia recommends assigning permissions to a single user (individual) account. She said that in order to get into the system, the hacker had to "enter a user group with a higher privilege level than the account he was using." "The use of a single user's account (rather than a group of users) can be a deterrent in this process.