Simple ten steps to secure an IIS Web server

Source: Internet
Author: User
Protect IIS with the 10 steps below.

1. Set up an NTFS drive specifically for IIS applications and data. If possible, do not allow IUSR (or any other anonymous user account) to access any other drive. If an application fails because the anonymous user cannot access a program on another drive, immediately use Sysinternals' Filemon to find out which file is inaccessible, and then move that program to the IIS drive. If that is not possible, allow IUSR access to that file only.

2. Set NTFS permissions on the drive:
   Developers = Full (all permissions)
   IUSR = Read and Execute only
   System and Admin = Full (all permissions)

3. Use a software firewall to make sure that no end user can reach any port other than port 80 on the IIS computer.

4. Lock down the computer with the Microsoft tools IIS Lockdown and URLScan.

5. Enable IIS logging. In addition to the IIS log, enable logging on the firewall as well if possible.

6. Move the log files out of their default storage location and make sure they are backed up. Keep a duplicate copy of the log files so that a copy is available in a second location.

7. Enable Windows auditing on the computer, because we never seem to have enough data when we try to trace an attacker's behavior. You can even have a script review the audit log for suspicious behavior and send a report to the administrator. This may sound a bit extreme, but it's the best option if security is important to your organization. Set up auditing to report any failed account logon. Also, as with the IIS log files, move the audit log from its default location (C:\winnt\system32\config\secevent.log) to another location, and make sure it has a backup and a duplicate copy.

8. In general, do your best to find articles on security (from different sources) and put them into practice. On IIS and security practices they will usually tell you more than you already know, and don't just believe what other people (like me) tell you.

9. Subscribe to an IIS vulnerability mailing list and keep up with it. One such list is X-Force Alerts and Advisories from Internet Security Systems.

10. Finally, make sure that you update Windows regularly, and verify that each patch was installed successfully.

Responsible editor: Zhao Zhaoyi
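Step 7 suggests a script that audits the log for failed logons and reports to the administrator. The PowerShell below is an added example, not part of the original article; it assumes a current Windows release where failed logons are recorded as Security event 4625, and the function names, threshold and sample records are constructed for illustration.

```powershell
# Added example: summarize failed logons per account and source address.
# Assumption: failed logons are Security event ID 4625 (current Windows releases).

function ConvertFrom-FailedLogonEvent {
    # Flattens a 4625 record returned by Get-WinEvent into Time/Account/Source.
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        $data = @{}
        foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time    = $Record.TimeCreated
            Account = $data['TargetUserName']
            Source  = $data['IpAddress']
        }
    }
}

function Get-FailedLogonReport {
    # Groups failures by account + source; keeps groups at or above the threshold.
    param([Parameter(ValueFromPipeline)] $Failure, [int] $Threshold = 3)
    begin   { $all = @() }
    process { $all += $Failure }
    end {
        $all | Group-Object Account, Source |
            Where-Object { $_.Count -ge $Threshold } |
            ForEach-Object {
                $times = @($_.Group.Time | Sort-Object)
                [pscustomobject]@{
                    Account  = $_.Group[0].Account
                    Source   = $_.Group[0].Source
                    Failures = $_.Count
                    First    = $times[0]
                    Last     = $times[-1]
                }
            } | Sort-Object Failures -Descending
    }
}

# Constructed sample records (not real log data) so the script runs offline:
# five failures for one account from one address, plus a single unrelated miss.
$t0 = Get-Date '2024-01-01T02:00:00'
$sample = @(
    0..4 | ForEach-Object { [pscustomobject]@{ Time = $t0.AddSeconds(20 * $_); Account = 'administrator'; Source = '203.0.113.7' } }
    [pscustomobject]@{ Time = $t0.AddMinutes(30); Account = 'jsmith'; Source = '192.0.2.15' }
)
$sample | Get-FailedLogonReport -Threshold 3 | Format-Table -AutoSize

# On a live server (elevated session), feed real events instead of the sample:
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625; StartTime=(Get-Date).AddDays(-1)} |
#     ConvertFrom-FailedLogonEvent | Get-FailedLogonReport -Threshold 5
```

Run it as a scheduled task and write the output to the same secondary location used for the log copies in steps 6 and 7, so the report survives if the server's own logs are tampered with.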