15 techniques to protect IIS

Usually, most websites share one design goal: give visitors immediate access to information in the easiest acceptable way. In the past few years, more and more security problems caused by hackers, viruses and worms have seriously affected website accessibility. Although Apache servers are often an attacker's goal, Microsoft Internet Information Services (IIS) web servers are the targets in the truest sense.

Higher-education institutions often have to find a balance between building lively, user-friendly websites and building highly secure ones. In addition, they must now commit to improving website security while facing shrinking technology budgets (in fact, many of their private-sector counterparts face a similar situation).

For this reason, I will offer some techniques to help university IT managers with budget headaches protect their IIS servers. Although aimed mainly at university IT professionals, these techniques apply to any IIS administrator who wants to improve security on a small budget. In fact, some of these techniques are also very useful for IIS administrators with generous budgets.

First, develop a security policy

The first step in protecting a web server is to make sure the network administrator knows every rule in the security policy. If senior management does not regard server security as an asset that must be protected, the protection work is completely meaningless. This work requires long-term effort. If the budget does not support it, or it is not part of a long-term IT strategy, the administrator who spends a lot of time securing the server will not receive important support from management.

What is the direct result when a network administrator establishes security across the board? Some particularly adventurous users will be locked out. Those users will then complain to the company's management, and management will question the network administrator. The network administrator then has no document to support the security work, and so conflict arises.

By drawing up a security policy that specifies web server security levels and availability, network administrators will be able to deploy a variety of software tools on different operating systems.

IIS security techniques

Microsoft's products have always been a target for everyone, so IIS servers are particularly likely to become an attacker's target. Knowing this, the network administrator must prepare a large number of security measures. Here is a list that server operators may find very useful.

1. Keep Windows up to date: Apply all updates promptly and install all patches for the system. Consider downloading all updates to a dedicated server on your network and distributing the files from that machine. By doing this, you can keep your web server from having direct Internet access.

2. Use IIS Prevent Tools: This tool has many practical advantages; however, use it with caution. If your web server interacts with other servers, test the tool first to confirm that it is configured correctly and does not affect communication between the web server and the other servers.

3. Remove the default Web site: Many attackers aim at the INETPUB folder and place attack tools inside it, compromising the server. The easiest way to prevent this attack is to disable the default site in IIS. Because these attackers reach your website through its IP address (they may visit thousands of IP addresses a day), their requests will then run into trouble. Point your real website to a folder on a back partition, which must have secure NTFS permissions (described in detail in the NTFS section below).

4. If you don't need the FTP and SMTP services, uninstall them: The easiest way into your computer is through FTP. FTP itself was designed for simple read/write access. If you authenticate, you will find that your username and password travel across the network in plaintext. SMTP is another service that allows write access to folders. By disabling these two services, you can avoid more hacker attacks.
5. Check your Administrators group and services regularly: One day I went into our classroom and found that there was more than one user in the Administrators group. This means that someone has successfully gotten into your system; he or she may plant a bomb in it that will suddenly destroy the entire system, or consume a lot of bandwidth for the hacker's own use. Hackers also tend to leave a helper service behind. Once that happens, any countermeasure comes too late: all you can do is reformat your disks and restore your daily backups from the backup server. Therefore, checking the list of services on the IIS server and keeping the number of services to a minimum must be a daily task. You should remember which services should exist and which should not. The Windows 2000 Resource Kit includes a useful program called TList.exe, which can list the services running under each instance of svchost. Running this program can reveal hidden services you would want to know about. A tip: any service whose name contains the word "daemon" is probably not a service that ships with Windows, and should not exist on the IIS server. For a list of Windows services and what each one does, click here.

6. Strictly control write access to the server: This sounds easy; on a university campus, however, a web server actually has many "authors". Faculty want their course information to be accessible to remote students. Staff want to share their work information with other staff. Folders on the server may end up with extremely dangerous access permissions. One way to share or distribute this information is to install a second server dedicated to sharing and storage, and then configure your web server to point to the shared server. This step lets network administrators limit write permission on the web server itself to the Administrators group.

7. Set complex passwords: I recently went into the classroom and discovered many possible hackers in the Event Viewer. He or she had gotten deep enough into the laboratory's domain structure to run password-cracking tools against any user. If a user has a weak password (for example, "Password" or "CHANGEME" or any dictionary word), hackers can quickly break into that user's account.

8. Reduce or eliminate shares on the web server: If the network administrator is the only person with write permission on the web server, there is no reason to let any share exist. Shares are the biggest temptation for hackers. In addition, hackers can check a list of IP addresses, using the // command to find shares with Everyone / Full Control permissions.

9. Disable NetBIOS over TCP/IP: This is harsh. Many users want to reach the web server through a UNC path name. With NetBIOS disabled, they cannot do this. On the other hand, with NetBIOS disabled, hackers cannot see the resources on your local network. This is a double-edged sword. If the network administrator deploys this measure, the next step is to educate web users about how to handle information with NetBIOS unavailable.

10. Use TCP port blocking: This is another harsh tool. If you know every TCP port through which your server is legitimately accessed, you can open the properties tab of your network interface card, select the bound TCP/IP protocol, and block all the ports you do not need. Use this tool carefully, because you do not want to lock yourself out, especially when you need to log in to the server. For details on TCP ports, click here.

11. Carefully check *.bat and *.exe files: Search once a week for *.bat and *.exe files, and check whether the server holds any executable that is a hacker's favorite but a nightmare for you. Among these destructive files there may also be some *.reg files. If you right-click one and select Edit, you can find the registry entries that hackers have created to let themselves into your system.
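The daily check from item 5 can be scripted as a comparison against a reviewed baseline. The following PowerShell is an added example, not code from the original article; the baseline folder C:\SecBaseline and the function names are assumptions, and it relies on the Get-LocalGroupMember and Get-CimInstance cmdlets found in current Windows PowerShell rather than the Resource Kit tools the article names.

```powershell
# Added example (not from the article). Assumption: baselines live in
# C:\SecBaseline, a hypothetical folder only administrators can write to.
$BaselineDir = 'C:\SecBaseline'
$AdminFile   = Join-Path $BaselineDir 'administrators.txt'
$ServiceFile = Join-Path $BaselineDir 'services.txt'

function Get-AdminMembers {
    # S-1-5-32-544 is the well-known SID of the built-in Administrators
    # group, so the lookup also works on localized Windows installs.
    @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
        ForEach-Object { $_.Name } | Sort-Object)
}

function Get-ServiceLines {
    # One line per service: name, start mode, and the binary it runs.
    @(Get-CimInstance -ClassName Win32_Service |
        ForEach-Object { '{0}|{1}|{2}' -f $_.Name, $_.StartMode, $_.PathName } |
        Sort-Object)
}

function Compare-ToBaseline {
    param([string]$File, [string[]]$Current, [string]$Label)
    if (-not (Test-Path -LiteralPath $File)) {
        # First run: save the current state; review it by hand before trusting it.
        $Current | Set-Content -LiteralPath $File
        Write-Output "$Label baseline created: $File"
        return
    }
    $baseline = @(Get-Content -LiteralPath $File)
    foreach ($d in @(Compare-Object -ReferenceObject $baseline -DifferenceObject $Current)) {
        $kind = if ($d.SideIndicator -eq '=>') { 'ADDED' } else { 'REMOVED' }
        Write-Warning "$Label $kind since baseline: $($d.InputObject)"
    }
}

New-Item -ItemType Directory -Path $BaselineDir -Force | Out-Null
Compare-ToBaseline -File $AdminFile   -Current (Get-AdminMembers) -Label 'Administrator'
Compare-ToBaseline -File $ServiceFile -Current (Get-ServiceLines) -Label 'Service'

# The article's heuristic: service names containing "daemon" deserve a look.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -match 'daemon' -or $_.DisplayName -match 'daemon' } |
    Select-Object Name, DisplayName, State, PathName
```

A changed service (for example a new binary path) shows up as one REMOVED line and one ADDED line for the same service name.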
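Items 6 and 8 both come down to finding places where broad groups can write. This added example (not part of the original article) lists SMB shares and web-content folders that grant write access to Everyone, Authenticated Users or Users; the path in $WebRoot and the function names are assumptions, and Get-SmbShare requires Windows Server 2012 or later.

```powershell
# Added example (not from the article). $WebRoot is a hypothetical path.
$WebRoot   = 'D:\WebSites\Main'
# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
$BroadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
# File-system bits that allow writing: WriteData/AddFile (0x2),
# AppendData/AddSubdirectory (0x4), GENERIC_WRITE and GENERIC_ALL.
$WriteMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

function ConvertTo-SidString {
    param([string]$Account)
    try {
        ([System.Security.Principal.NTAccount]$Account).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch { $null }   # unresolvable (for example deleted) account
}

function Get-BroadShareAccess {
    # Administrative shares (C$, ADMIN$, IPC$) are flagged Special; skip them.
    foreach ($share in (Get-SmbShare | Where-Object { -not $_.Special })) {
        Get-SmbShareAccess -Name $share.Name | Where-Object {
            [string]$_.AccessControlType -eq 'Allow' -and
            [string]$_.AccessRight -in 'Full', 'Change' -and
            (ConvertTo-SidString $_.AccountName) -in $BroadSids
        } | Select-Object Name, AccountName, AccessRight
    }
}

function Get-BroadWriteAce {
    param([string]$Path)
    $dirs = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($dir in $dirs) {
        $rules = (Get-Acl -LiteralPath $dir.FullName).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ([string]$ace.AccessControlType -eq 'Allow' -and
                $ace.IdentityReference.Value -in $BroadSids -and
                ([int]$ace.FileSystemRights -band $WriteMask) -ne 0) {
                [pscustomobject]@{ Path   = $dir.FullName
                                   Sid    = $ace.IdentityReference.Value
                                   Rights = $ace.FileSystemRights }
            }
        }
    }
}

Get-BroadShareAccess | Format-Table -AutoSize
Get-BroadWriteAce -Path $WebRoot | Format-Table -AutoSize
```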
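The weekly search in item 11 is easier to review when each hit comes with its owner, hash and signature status. This is an added example, not code from the original article; the search path, the seven-day window and the function name are assumptions.

```powershell
# Added example (not from the article). $SearchRoot is a hypothetical path;
# point it at the web content folder or at a whole volume.
$SearchRoot = 'D:\WebSites'
$Since      = (Get-Date).AddDays(-7)        # matches the weekly schedule
$Extensions = '.bat', '.exe', '.reg'        # the file types the article names

function Get-RecentExecutable {
    param([string]$Path, [datetime]$Since, [string[]]$Extensions)
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Extension -in $Extensions -and
            ($_.CreationTime -ge $Since -or $_.LastWriteTime -ge $Since)
        } |
        ForEach-Object {
            # Authenticode status only means something for binaries.
            $sig = if ($_.Extension -eq '.exe') {
                (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            } else { 'n/a' }
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                Modified  = $_.LastWriteTime
                Owner     = (Get-Acl -LiteralPath $_.FullName).Owner
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Signature = $sig
            }
        }
}

$hits = @(Get-RecentExecutable -Path $SearchRoot -Since $Since -Extensions $Extensions)
if ($hits.Count -eq 0) {
    Write-Output "No new or changed .bat/.exe/.reg files under $SearchRoot since $Since."
} else {
    $hits | Sort-Object Modified -Descending | Format-List
}
```

File timestamps can be altered, so a periodic run with `$Since` set far in the past, compared against a saved list of known hashes, catches files this window would miss.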