Three tips for securely setting up Microsoft IIS servers

Source: Internet
Author: User
Tags iis web services microsoft iis
Is your site frequently hacked, or has it, in a moment of inattention, become a hacker's "chicken" (a compromised host under the attacker's control)? A Web server without security settings easily draws the attention of attackers and is at risk of intrusion at any time. Do you think security settings are complicated? They need not be: the three approaches to IIS server security settings described here are a good way to protect against attacks.

Basic settings: install patches, delete shares

Individual site owners often use Windows servers, but because the servers are leased or hosted, there is often no specialized technician to handle security settings, so some common, basic vulnerabilities remain. In fact, simply installing the server's patches prevents most intrusion attacks that rely on vulnerabilities.

After the operating system has been installed, the server should have all of its patches installed before it is officially put into service. Patches are installed on a server in much the same way as on the XP systems we use, so the procedure is not repeated here.

Once basic patching is done, the more important step is to set which ports are accessible. Usually the server only needs to open the ports required to provide Web services; other, unnecessary ports can be blocked. Note, however, that port 3389, used for remote management of the server, must not be blocked.

Deleting the default shares is also an essential step. Open shares on a server are a likely route for virus or hacker intrusion, followed by privilege escalation or file deletion, so file sharing should be closed wherever possible. There are several ways to remove the default shares, such as using the net share C$ /delete command to turn off the default share of the C drive.

Permission assignment prevents virus and Trojan intrusion

Well-assigned server permissions keep the damage to a minimum. If each IIS site has different permissions, it is difficult for a hacker to take over the entire server by means of a "side-note" attack, in which one site on a shared server is compromised in order to reach the others. The following is a brief introduction to setting permissions.

In Windows, permissions are assigned per user. To manage users, open "Start → Programs → Administrative Tools → Computer Management → Local Users and Groups" on the server, where you can see all of the server's system users and user groups.

When partitioning a server, format all hard disk partitions as NTFS; you can then set the permissions that each partition grants to each user or group. To set permissions on a file or folder, right-click it and choose Properties → Security.

For Web sites, assign a separate IIS anonymous user to each site, so that visitors accessing your site's files have, at most, permissions on that site's directory. This is a good way to prevent other sites from being compromised.
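
A read-only way to check the per-site isolation described above, as an added example that is not part of the original article: the PowerShell below lists each IIS site's anonymous identity, reports identities shared between sites, and reports site directories whose NTFS permissions admit another site's identity. It assumes IIS 7 or later with the WebAdministration module and an elevated session; the helper name Get-AccountLeaf and the list of broad groups are illustrative choices.

```powershell
# Added example, not from the original article. Read-only: it changes nothing.
# Assumes IIS 7 or later, the WebAdministration module, and an elevated session.
Import-Module WebAdministration

$filter = 'system.webServer/security/authentication/anonymousAuthentication'

# Compare accounts by the part after the last backslash, because the IIS
# configuration may store "IUSR_site1" while the ACL shows "SERVER\IUSR_site1".
function Get-AccountLeaf([string]$Name) { ($Name -split '\\')[-1] }

# 1. Collect each site's anonymous identity and content directory.
$sites = foreach ($s in Get-Website) {
    $prop = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
                -Location $s.Name -Filter $filter -Name userName
    $user = if ($prop -is [string]) { $prop } else { $prop.Value }
    # Empty userName: IIS serves anonymous requests as the application pool
    # identity (assumed here to be the default ApplicationPoolIdentity).
    if (-not $user) { $user = "IIS AppPool\$($s.applicationPool)" }
    [pscustomobject]@{
        Site = $s.Name
        User = $user
        Path = [Environment]::ExpandEnvironmentVariables($s.physicalPath)
    }
}

# 2. An identity used by more than one site gives no isolation between them.
$sites | Group-Object User | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    "SHARED IDENTITY   $($_.Name): $(($_.Group | ForEach-Object Site) -join ', ')"
}

# 3. A site directory should not admit another site's identity, nor a broad
#    group that those identities typically belong to.
$broad = 'Everyone', 'Users', 'Authenticated Users', 'IIS_IUSRS'
foreach ($site in $sites) {
    $foreign = @($sites | Where-Object { $_.User -ne $site.User } |
                 ForEach-Object { Get-AccountLeaf $_.User }) + $broad
    foreach ($ace in (Get-Acl -LiteralPath $site.Path).Access) {
        $who = Get-AccountLeaf $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $foreign -contains $who) {
            "CROSS-SITE ACCESS $($site.Site) [$($site.Path)]: " +
                "$($ace.IdentityReference) has $($ace.FileSystemRights)"
        }
    }
}
```

A server that passes prints nothing; each printed line names the site and the account or group that breaks the isolation.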

Component management makes unsafe components disappear

The server supports many components by default, but these components can also be abused by attackers. The most dangerous components are WSH and Shell, because they can run EXE programs on the server's hard disk; for example, they can run a privilege-escalation program to elevate Serv-U permissions and even use Serv-U to run higher-privileged system programs.

The easiest way to uninstall the most insecure components is to delete the appropriate program files directly.

Tip: In addition to the security settings above, some operational details also need attention, such as not browsing Web pages on the server, installing anti-virus software on the server, and installing software that protects against ARP attacks along with other security programs.


