10 steps to protect IIS server security (Chaim Fried? Chen Yu 20040716)


The following ten steps can be used as the basis for protecting IIS.

Problem

IIS (Internet Information Server) is a favourite target of hackers. For administrators who run IIS web servers, keeping the server secure is therefore crucial. The default installation of IIS 4.0 and IIS 5.0 is especially vulnerable.

Solution

Take the following 10 steps to ensure IIS security:

1. Set up a dedicated NTFS drive for the IIS applications and data. If possible, do not allow IUSR (or any other anonymous user) to access any other drive. If an application runs into problems because the anonymous user has no permission to reach programs on other drives, use Sysinternals' Filemon to find out which file cannot be accessed, then move that program onto the IIS drive. If that is not feasible, grant IUSR access to that one file only.

2. Set the NTFS permissions on the drive as follows: Developers = Full; IUSR = Read and Execute only; System and Administrators = Full.

3. Use a software firewall to ensure that no end user (only developers) can reach any port other than port 80.

4. Use the Microsoft tools for locking down the machine: IIS Lockdown and URLScan.

5. Turn on the IIS logging feature. Besides the IIS logs, use the firewall's logging feature as well if possible. Move the logs away from their default location and make sure they are backed up. Create a backup copy of the log files so that a usable copy always exists in another location.

6. Turn on Windows auditing on the machine, because when you try to trace an attacker's actions you will otherwise always find there is not enough information. With the audit log you can check for any suspicious behaviour by running a script and then sending a report to the administrator. This may sound a little extreme, but if your company takes security seriously, this practice is strongly encouraged. Configure auditing to report all failed account logon events. In addition, just as with the IIS logs, move the log from its default location (c:\winnt\system32\config\secevent.log) to a different one, and make sure you have a backup and a copy of the files.

7. Read security articles regularly, from a variety of sources.

8. Get to know IIS as thoroughly as possible and work out a comprehensive security practice of your own, rather than just following what others (such as me) recommend.

9. Subscribe to the IIS vulnerability mailing list and read it to stay up to date. This list carries the X-Force Alerts and Advisories from Internet Security Systems.

10. Finally, make sure you run Windows Update often, and check again afterwards that the patches really were installed.
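The auditing step above says to have a script check the audit log for failed account logons and report to the administrator. Below is an added example of such a check (written for this edit, not code from the original article), run over constructed sample rows that imitate a comma-delimited export of the Security event log; the column layout, the workstation names and the threshold of 3 are assumptions.

```python
import csv
import io
import re
from collections import Counter

# Event IDs that record a failed logon: 529/539 on NT4/2000/2003 (bad
# password, account locked out), 4625 on Windows Vista and later.
FAILED_LOGON_IDS = {"529", "539", "4625"}
# Assumed column order of the exported log (Event Viewer "Save As" style).
FIELDS = ["date", "time", "source", "type", "category", "event_id", "user", "computer", "description"]

# Constructed sample (not real data) imitating a comma-delimited export
# of the Security log with the columns listed in FIELDS.
SAMPLE_LOG = """\
07/16/2004,02:11:05,Security,Failure Audit,Logon/Logoff,529,NT AUTHORITY\\SYSTEM,WEB01,"Logon Failure: Reason: Unknown user name or bad password User Name: administrator Domain: WEB01 Logon Type: 3 Workstation Name: PC-7F3A"
07/16/2004,02:11:09,Security,Failure Audit,Logon/Logoff,529,NT AUTHORITY\\SYSTEM,WEB01,"Logon Failure: Reason: Unknown user name or bad password User Name: administrator Domain: WEB01 Logon Type: 3 Workstation Name: PC-7F3A"
07/16/2004,02:11:14,Security,Failure Audit,Logon/Logoff,529,NT AUTHORITY\\SYSTEM,WEB01,"Logon Failure: Reason: Unknown user name or bad password User Name: administrator Domain: WEB01 Logon Type: 3 Workstation Name: PC-7F3A"
07/16/2004,02:11:20,Security,Failure Audit,Logon/Logoff,539,NT AUTHORITY\\SYSTEM,WEB01,"Logon Failure: Reason: Account locked out User Name: administrator Domain: WEB01 Logon Type: 3 Workstation Name: PC-7F3A"
07/16/2004,08:30:02,Security,Success Audit,Logon/Logoff,528,WEB01\\devuser,WEB01,"Successful Logon: User Name: devuser Domain: WEB01 Logon Type: 2 Workstation Name: WEB01"
07/16/2004,09:02:44,Security,Failure Audit,Logon/Logoff,529,NT AUTHORITY\\SYSTEM,WEB01,"Logon Failure: Reason: Unknown user name or bad password User Name: devuser Domain: WEB01 Logon Type: 2 Workstation Name: WEB01"
"""

def _field(desc, name):
    """Pull 'name: value' out of the free-text description; the value
    ends at the next 'Capitalised Label:' or at the end of the string."""
    m = re.search(name + r":\s*(.*?)(?=\s+[A-Z][\w ]*:|$)", desc)
    return m.group(1).strip() if m else "?"

def failed_logon_report(text, threshold=3):
    """Count failed logons per account and per source workstation and
    flag any that reach `threshold` (a crude password-guessing signal)."""
    by_user, by_source = Counter(), Counter()
    for ev in csv.DictReader(io.StringIO(text), fieldnames=FIELDS):
        if ev["event_id"] not in FAILED_LOGON_IDS:
            continue  # successful logons, logoffs, etc. are not counted
        by_user[_field(ev["description"], "User Name")] += 1
        by_source[_field(ev["description"], "Workstation Name")] += 1
    alerts = [("account", k, n) for k, n in by_user.items() if n >= threshold]
    alerts += [("source", k, n) for k, n in by_source.items() if n >= threshold]
    return {"total": sum(by_user.values()), "by_user": by_user,
            "by_source": by_source, "alerts": alerts}

def format_report(report):
    """Plain-text summary ready to be mailed to the administrator."""
    lines = [f"Failed logons: {report['total']}"]
    lines += [f"ALERT: {n} failures for {kind} {name}"
              for kind, name, n in report["alerts"]]
    return "\n".join(lines)

if __name__ == "__main__":
    print(format_report(failed_logon_report(SAMPLE_LOG)))
```

On the sample rows the report counts 5 failures and raises alerts for the "administrator" account and for workstation PC-7F3A; point it at a real export and adjust FIELDS if your Event Viewer writes different columns.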

Original address: http://taiwan.cnet.com/enterprise/technology/0,2000062852,20090908,00.htm

Please credit the original URL when reposting: https://www.9cbs.com/read-73666.html
