The following is what I have talked about the collection and experience of IIS security. If you don't write, please don't see it.
IIS 11 steps
1: Turn off the system port method as follows: Online Neighbor - Properties - Local Connection - Properties - Properties - Internet Protocol - Properties - Advanced - Options --TCP / IP Filter - Properties - Open here The port you want to open - determine
General only only 80
2: Server If you don't need to support remote management, you share the network files and printer sharing of local networks and printers.
3: Turn off the advanced TCP / IP settings - Wins Options - Disable NetBIOS 'on TCP / IP
4: Set the anti-PING policy in the Group Security Policy, the specific operation is as follows.
Step 1: Add an independent management unit
Start - run, enter: MMC, start opening the Console window. Click Add / Delete Syringes in the Console menu, click the Add button, select the IP Security Policy Management item in the pop-up window, click the Add button. Select the Management Object to "Local Computer" in the open window, click the "Finish" button, close the "Add / Remove Management Unit" window and return to the main console.
(Figure 1)
Step 2: Create an IP Security Policy
Right-click the "IP Security Policy, in Local Machine" (Figure 2), select Create IP Security Policy, click Next, then enter a policy description, such as "NO PING". Click Next, select the "Activate the Default Response Rule" copy option, click Next. Start setting authentication mode, select "This string is used to protect key exchange (pre-shared keys) option, then enter some characters (Fig. 4). Click Next, you will be prompted to complete the IP security policy. Confirm the "Edit Properties" check box, click the Finish button, open its Properties dialog.
Figure 4)
Step 3: Configure security policies
(Figure 5) Click the "Add" button and click Next to click Next to make a tunnel end setting, select "This rule does not specify tunnel". (Figure 6) Click "Next" and select "All Network Connections" to ensure that all your computer is ping. Click Next, set your authentication method, select the third option as above, "This string is used to protect key exchange (pre-shared keys) and fill in the same content as just now. Click Next, click the Add button in the Open window to open the IP Filter List window. (Figure 7) Click "Add", click Next, set the source address as "My IP Address", click Next, set the target address as "any IP address", click "next step. ", The selection protocol is ICMP, and now click" Finish "and" Close "button to return. At this time, you can see the filter just created in the IP filter list, click Next, select the filter to "Require Safe Settings" option (Figure 8), then click "Finish "," Close "button, save related settings to return to the management console.
(Figure 8)
Step 4: Assign security strategy
Finally, just right click on the Configure Table Item Node, select the Assignment command to take effect (Figure 9). After the above settings, when other computers will ping the computer, it will not communicate. But if you ping your local computer, you can still communicate. This method is effective for Windows 2000 / XP. 5: First, remove the C disk, what INETPUB directory is completely deleted, build a inetpub in D disk (if you don't feel relieved with the default directory name, you can remember) Point the main directory in the IIS manager. D: / inetpub; Second, the default Scripts and other virtual directories in the IIS installation are deleted (the source of sin, forget http://www.target.com/scripts/..
