The IIS server network communication diagram we have learned assumes that the environment contains a DNS server with Active Directory Enabled. If an independent DNS server is used, other rules may be required.
The execution of the IPSec Policy should not significantly affect the performance of the IIS server. However, tests must be performed before these filters are executed to verify that the server maintains the necessary functionality and performance. You may need to add additional rules to support other applications.
This Guide contains a. cmd file that simplifies the process of creating an IPSec filter for the domain controller as required by the Guide. The PacketFilters-IIS.cmd file uses the NETSH command to create the appropriate filter.
You must modify this. cmd file to include the IP address of the domain controller in your environment. The script contains two placeholders for the two domain controllers to be added. You can add other domain controllers as needed. The IP address list of these domain controllers should be up-to-date.
If there is a MOM in the environment, you should specify the corresponding MOM Server IP address in the script. This script does not create a permanent filter. Therefore, the server will not be protected until the IPSec Policy proxy is started.
For more information about creating permanent filters or advanced IPSec filter scripts, see other Member Server enhancement processes in the module. Finally, this script is configured to not distribute the created IPSec Policy. The IP Security Policy Management Unit can be used to check the created IPSec filter and distribute the IPSec Policy for it to take effect.
We have explained the enhanced settings that should be taken to protect the security of the IIS server in your environment. Most of the settings we discuss are configured and applied through group policies. You can link a group policy object (GPO) that provides beneficial supplements to MSBP to the Organization (OU) that contains the IIS server, so as to provide more security for the services provided by these servers.
Some of the settings we discussed cannot be applied through group policies. This chapter describes how to manually configure these settings. In addition, we also detail the creation and application of IPSec filters that can control the network communication type between IIS servers.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
