Securing the Windows Server 2003 IIS server

Source: Internet
Author: User
Tags iis


This module focuses on the instructions and steps required to harden your IIS servers in your environment. To provide comprehensive security for WEB servers and applications in your organization's corporate Intranet, you should protect each Microsoft Internet Information Services (IIS) server and each Web site and application running on those servers from clients that can connect to them Computer damage. In addition, you should protect Web sites and applications running on all of these IIS servers from Web sites and applications running on other IIS servers in your corporate Intranet.

To take the initiative in resisting malicious users and attackers, IIS is not installed on the Windows Server 2003 family of products by default. IIS was initially installed in a highly secure lockdown mode. For example, by default, IIS initially provides only static content. such as Active server Pages (ASP),, server-side include (SSI), Web Distributed Authoring and Versioning (WebDAV) publishing, and Microsoft Frontpag E? Features such as Server Extensions only work if the administrator has enabled them. These features and services can be enabled through the Web Service Extensions node in Internet Information Services Manager (IIS Manager).

The IIS Management appliance has a graphical user interface (GUI) that can be used to easily manage IIS. It includes resources for file and directory management, the ability to configure application pools, and the many features of security, performance, and reliability.

The next sections of this chapter detail the various security hardening settings that can be enforced to enhance the security of an IIS server that hosts HTML content in your corporate Intranet. However, to ensure that the IIS server is always in a secure state, you should also perform steps such as security monitoring, detection, and response.

Audit Policy settings

The audit policy settings for IIS servers are configured through the MSBP in the three environments defined in this guidance. For more information about the MSBP, see the module, "to create a member server Baseline for a Windows Server 2003 server." The MSBP settings ensure that all relevant security audit information is recorded on all IIS servers.

Related Article

Cloud Intelligence Leading the Digital Future

Alibaba Cloud ACtivate Online Conference, Nov. 20th & 21st, 2019 (UTC+08)

Register Now >

Starter Package

SSD Cloud server and data transfer for only $2.50 a month

Get Started >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.