Strengthen IIS security mechanisms to establish high-security Web servers

Source: CCID Author: left

As the most popular Web server platform, IIS plays a huge role. Therefore, it is particularly important to understand how to enhance the IIS security mechanism and establish a Web server with high security performance.
Ensure system security

Because IIS is built on the operating system, security should also be built on the basis of system security. Therefore, ensuring system security is the basis of IIS security. Therefore, we need to do the following.

1. Use the NTFS file system

NTFS should be used in the NT System. NTFS can manage files and directories, while the FAT file system can only provide shared-level security. By default, every time a new share is created, all users can see it, which is not conducive to system security. Unlike the FAT file system, the NTFS file ensures system security by modifying permissions after creating a new share.

2. Disable default share

In Windows 2000, there is a "default share", which means the system installation partition is automatically shared when the server is installed. Although the Super User Password is required to access the system, however, this is a potential security risk. We recommend that you disable the "default share" feature to ensure system security. Click Start/run. In the run window, enter Regedit to open the Registry Editor and expand HKEY_LOCAL_MACHINESYSTEM.
CurrentControlSetlanmanworkstationparameters, create a dual-byte value named "AutoShare-Wks" in the right window, set its value to 0, so that you can completely disable "default share ".

3. Set the User Password

You must set a password. Use a mix of numbers and letters as much as possible. You also need to change the password frequently to block failed logon attempts and set a strict account survival time. Do not set a simple password, and try not to associate the password with the user name.

Ensure IIS security

To ensure high system security, you must also ensure IIS security. Pay attention to the following:

1. Try to Avoid installing IIS on the master Domain Controller in the network.

After IIS is installed, an anonymous IUSR_Computername account is generated on the computer on which it is installed. This account will be added to the domain user group to grant the access permissions applied to the domain user group to each anonymous user accessing the Web server. This does not guarantee IIS security, it also threatens the master domain controller.

2. Restrict website directory permissions

At present, many scripts may cause security risks. Therefore, when setting directory permissions for IIS websites, you must strictly restrict the execution and write permissions.

3. Download the IIS patch at Microsoft's site frequently to ensure the latest version of IIS.

As long as you increase security awareness and pay attention to system and IIS settings, IIS is a secure server platform that provides us with secure and stable services.