The following six steps are involved in IIS server security:
1. Use the Security Configuration Wizard to determine the minimum functions required by the web server, and then disable other functions that are not required. Specifically, it can help you
1> disable unwanted services
2> block unused ports
3> further restrictions on accessible addresses and other security measures for opened ports
4> disable unnecessary IIS web extensions if feasible
5> reduce the exposure of SMB, LAN Manager, and LDAP protocols
6> define a countermeasure with High Signal-to-Noise Ratio
2. Place the website file on a non-system partition to prevent directory traversal defects and perform NTFS permission inspection (Audit) on the content ).
3. Perform regular security scanning and inspection on your system, and discover your weaknesses as early as possible before others discover problems.
4. Perform regular log analysis to find multiple failed login attempts, and the 404,401,403 error that occurs repeatedly, instead of the request records for your website.
5. If IIS 6 is used, Host Headers and URL scanning are used to implement automatic website content and IIS Metabase Replication, and standard names are used for IUSR_servername accounts.
6. Overall web architecture design philosophy: Do not put your internet web server in the Active Directory of the Intranet, do not run IIS Anonymous Authentication with the Active Directory account, and consider real-time monitoring, carefully set the application pool settings, and strive to log any activity and prohibit Internet Explorer on the server.
You are reading: tip: how to reinforce IIS server security on the Internet
- Database Server security permission control policy
- Network Management Tips: How to easily manage servers
- Guide CD to troubleshoot server faults in Linux