1. Basic skills for preventing backdoors
2. Secure configuration of the Web server
If a company or enterprise has a home page, how can it guarantee the security of its Web server?
The first step is to turn off unnecessary services, the second is to establish security account policies and security logs, and the third is to set up IIS securely: remove unnecessary IIS components and perform the IIS security configuration.
In the IIS security configuration, take care to change the default "Inetpub" directory path. You can delete the "Inetpub" directory on the C: drive, create a new "Inetpub" on the D: drive, and then point the home directory to the newly created "Inetpub" path in IIS Manager. In addition, delete the default "scripts", "print" and other virtual directories, and then delete the unnecessary mappings in IIS Manager; in general, you can leave the ASP and ASA mappings in place.
To delete the unnecessary mappings, right-click the host name in the Internet Information Services Manager, select the "Properties" → "Home directory" tab, click the "Advanced" button, and remove them in the "Mapping" tab. In addition, select the Web Site tab in the Properties window, check "Enable logging" and select the "W3C Extended Log File Format" item so that the client IP address, user name, server port, method, URI stem, HTTP status, user agent, and so on are recorded, and review the log daily.
After working on the basics above, you also need to set the access rights for the Web site directory.
In general, do not grant write or directory-browsing permissions on directories. Give the directory that holds ASP files script permission only, not execute permission. In the Internet Information Services Manager, expand the Web site's virtual directories, right-click a virtual directory, select the "Properties" → "Virtual directory" tab, and under "Local Path" set the directory's permissions, such as Read or Directory browsing. You can also set user directory permissions strictly by using NTFS-formatted partitions.
For the most critical data in the enterprise, you also need to strengthen protection against downloading of the Access database.
When you use Access as the back-end database, anyone who learns or guesses the path and file name of the server's Access database can download the database file, which is dangerous. Therefore, in general, change the default database file name: give the database file a complex, unconventional name and put it in a relatively deep directory. Alternatively, you can add a password for opening the Access database file.
Open the IIS Web Site Properties dialog window, select the Home Directory tab, and click the Configure button to open the Application Configuration dialog window. Then click the "Add" button, enter "asp.dll" in "Executable" and ".mdb" in "Extension", check the "Limit to" item and enter "Prohibit", then confirm and apply the settings. Later, when intruders attempt to download the data, they are told that access is prohibited.
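
As an added example (not part of the original article), the following Python sketch supports the daily log review and the .mdb download protection described above: it parses W3C extended log lines and separates database files that were actually served from requests that were denied or missed. The log lines are constructed samples, and the names parse_w3c and mdb_requests are illustrative assumptions.

```python
from collections import defaultdict

# Constructed sample in W3C extended log format; not real traffic.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-username s-port cs-method cs-uri-stem sc-status cs(User-Agent)
2024-01-05 08:01:12 192.0.2.10 - 80 GET /default.asp 200 Mozilla/5.0
2024-01-05 08:02:40 198.51.100.7 - 80 GET /data/db.mdb 404 curl/8.0
2024-01-05 08:02:41 198.51.100.7 - 80 GET /database/data.MDB 403 curl/8.0
2024-01-05 08:03:02 203.0.113.5 - 80 GET /d7/x9/q3k_store.mdb 200 Mozilla/5.0
"""

def parse_w3c(lines):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # the directive can change mid-file
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def mdb_requests(lines, extensions=(".mdb",)):
    """Return (leaked, probes): served database files and per-client failed attempts."""
    leaked, probes = [], defaultdict(list)
    for row in parse_w3c(lines):
        stem = row.get("cs-uri-stem", "")
        if not stem.lower().endswith(extensions):   # match .MDB as well as .mdb
            continue
        ip, status = row.get("c-ip", "?"), row.get("sc-status", "")
        if status.startswith("2"):          # 2xx: the file was actually sent
            leaked.append((ip, stem))
        else:                               # 403/404 etc.: blocked or wrong guess
            probes[ip].append((stem, status))
    return leaked, dict(probes)

if __name__ == "__main__":
    leaked, probes = mdb_requests(SAMPLE_LOG.splitlines())
    for ip, stem in leaked:
        print(f"SERVED {ip} downloaded {stem}: the .mdb mapping is not in effect")
    for ip, hits in probes.items():
        print(f"PROBE  {ip} requested {len(hits)} database path(s): {hits}")
```

A 2xx entry for a database file means the extension mapping or directory permissions are not protecting it; repeated 403/404 entries from one client indicate path guessing.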