IIS and ASP security protection during installation

IIS is the abbreviation for Internet Information Server, it is Microsoft's main push server, the latest version is Windows2000 contains IIS 5,iis and WINDOWNT server fully integrated, Thus users can take advantage of Windows NT Server and NTFS (NT http://www.aliyun.com/zixun/aggregation/19352.html ">file System"), NT File system built-in security features to build strong, flexible and secure Internet and intranet sites.

IIS supports HTTP (hypertext transmits Kyoto, Hyper-Text Transfer Protocol), FTP (file transmits Kyoto, Files Transfer Protocol), and SMTP protocol, by using CGI and ISAPI, IIS can be highly extensible.

IIS supports language-independent scripting and components that allow developers to develop a new generation of dynamic, glamorous web sites. IIS does not require developers to learn new scripting languages or to compile applications, IIS fully supports VBSCRIPT,JSCRIPT development software and Java, and it also supports CGI and wincgi, as well as ISAPI extensions and filters.

One: Preface

(This article only thanks to Yuncheng webmaster Circle, Yuncheng Internet circle.) Not you, I may not have Yuncheng peak network. Oh!)

People say, bitten, ten years afraid ... That's it. At the beginning of 2007, when I finally got rid of Winnt 4.0 server that terrible patch trip, toward Win2000 server. I can finally be more comfortable with my server. But with SP1 patches appearing. I know, and Microsoft's patch karma began to cycle again. But it's okay. Win2000 Automation Management or let me rest assured a lot, and the previous management of Winnt after the insomnia symptoms have gradually disappeared. Occasionally I can see my "dream" brother.

But all this was lost in a heart-to-heart conversation with Bigeagle. A。 Bigeagle sent to QQ. Showed me a piece of code. I see that this is not bigeagle code, so rotten, but a bit familiar. Another look. Ah?! This is not my database connection string!! GOD. Suddenly felt an ominous omen. But fortunately, this is just a access, I also used some means to prevent him from being downloaded. But it's enough to keep me awake for a long time. (Again, Bigeagle is not a snake, he is an eagle)

Two: IIS and ASP security protection during installation. (This is only a Web server, not a Web development platform on a local machine.) )

The next few days are a few tough days. I started redeploying the security policy for the Win2000 Web server.

Find the reason that the ASP code is leaking, original. Every time I play the patch is more timely. But once IIS was uninstalled because of uninstalling FTP, I did not patch it up and caused the latest vulnerability web resolution error. (That is, the newer vulnerability translate:f use this plus some tools to see the ASP's code.) )

First, start reloading IIS.

The strategy for this installation is security and adequate. Get rid of some extra stuff.

One: FTP do not install, the function is not good, but also error prone, and the loophole is very big. FTP default transmission password process is clear text transmission, it is easy to intercept. (You may consider using a third-party tool.) )

Second: All instances, documents do not install. This is on the Web server, preferably without these examples, and it turns out that the IIS defenses can be breached from these example sites.

Third: Select the Site directory when installing, it is recommended not to use the default directory C:inetpub, the best installation path is not the system disk. For example: D:iisweb, you can consider your own directory. This way, even if IIS is breached, the system files can be protected as well as possible.

Four: Do not install HTML remote administration. HTML remote management in Winnt 4.0 can also be used, but the vulnerability is relatively large, and more dangerous, although the port number is random, but it is easy to be scanned, thus leaving hidden dangers. In fact, we can manage him through IIS on another server. It's safer.