10 steps to protect IIS server security


IIS (Internet Information Server) is a favorite target for hackers, so for administrators managing IIS web servers, server security is a critical issue. The default installations of IIS 4.0 and IIS 5.0 are especially vulnerable.

Take the following 10 steps to ensure IIS security:

1. Set up a dedicated NTFS disk drive for IIS applications and data. If possible, do not allow IUSER (or whichever account is used for anonymous access) to access any other disk drive. If an application fails because the anonymous user cannot reach programs located on other drives, use Sysinternals FileMon to find which file the user cannot access, then move that program to the IIS drive. If this is not possible, allow IUSER to access only that file.

2. Set NTFS permissions on the disk drive: Developers = Full; IUSER = Read and execute only; System and admin = Full.
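The permission model from steps 1 and 2, applied with PowerShell. This is an added example and not part of the original article; it assumes the IIS drive is D:\, the developer group is named Developers, and the anonymous account is the built-in IUSR (the article calls it IUSER; substitute whatever account your IIS installation actually uses).

```powershell
# Added example (not from the original article): apply the step-2 NTFS model to a dedicated IIS drive.
# Assumptions (placeholders): IIS content on D:\, a group 'Developers', anonymous account 'IUSR'.
$Root = 'D:\'
$Acl  = Get-Acl -Path $Root

# Stop inheriting entries from the parent so only the rules set below apply.
$Acl.SetAccessRuleProtection($true, $false)

# Drop any explicit entries that were already there (inherited ones are gone after the call above).
foreach ($Old in @($Acl.Access | Where-Object { -not $_.IsInherited })) {
    [void]$Acl.RemoveAccessRule($Old)
}

$Inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$Prop    = [System.Security.AccessControl.PropagationFlags]::None
$Entries = @(
    @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },     # admin = Full
    @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },     # System = Full
    @{ Id = 'Developers';             Rights = 'FullControl' },     # Developers = Full
    @{ Id = 'IUSR';                   Rights = 'ReadAndExecute' }   # anonymous = Read and execute only
)
foreach ($E in $Entries) {
    $Rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $E.Id, $E.Rights, $Inherit, $Prop, 'Allow')
    $Acl.AddAccessRule($Rule)
}
Set-Acl -Path $Root -AclObject $Acl

# Verification: list what remains so an administrator can confirm no other principal has access.
(Get-Acl -Path $Root).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize
```

Run it from an elevated prompt. The verification table at the end is the check to keep: if any identity other than the four above appears, the drive still exposes more than the step intends.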

3. Use a software firewall to ensure that no end users (only developers) can access any port on the IIS machine other than port 80.

4. Use Microsoft tools to protect the machine: IIS Lockdown and UrlScan.

5. Enable the IIS logging function. In addition to the IIS logs, also enable the firewall's logging function if possible.

6. Move the log files away from the default location and make sure they are backed up. Back up the log folder so that a copy is always available in another location.
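Steps 5 and 6 as one script. This is an added example, not the article's own procedure: it assumes IIS 7 or later with the WebAdministration module (the IIS 4/5 generation the article targets set these options in the MMC snap-in), a site named Default Web Site, a local log drive D:\ and a backup share \\backup01\iislogs; all of those names are placeholders.

```powershell
# Added example (not from the original article): enable IIS logging, move the log directory off the
# default path, restrict who can read it, and mirror it to a second location.
# Assumptions (placeholders): IIS 7+, site 'Default Web Site', log drive D:\, share \\backup01\iislogs.
Import-Module WebAdministration

$Site   = 'IIS:\Sites\Default Web Site'
$LogDir = 'D:\IISLogs'
$Backup = '\\backup01\iislogs'
New-Item -Path $LogDir -ItemType Directory -Force | Out-Null

# Step 5: turn logging on. Step 6: point it at the non-default directory.
Set-ItemProperty -Path $Site -Name logFile.enabled   -Value $true
Set-ItemProperty -Path $Site -Name logFile.directory -Value $LogDir

# Only SYSTEM and Administrators may touch the logs; the anonymous account gets no entry at all.
icacls $LogDir /inheritance:r /grant:r 'SYSTEM:(OI)(CI)F' 'Administrators:(OI)(CI)F' | Out-Null

# Step 6: keep a copy elsewhere. /E copies subdirectories, /COPY:DAT keeps data, attributes and
# timestamps; run this line from a scheduled task so the backup stays current.
robocopy $LogDir $Backup /E /COPY:DAT /R:2 /W:5 | Out-Null

# Check that the site now logs to the new directory.
Get-ItemProperty -Path $Site -Name logFile | Select-Object enabled, directory
```

The final line is the check worth keeping: `enabled` should read True and `directory` should show the new path rather than the default %SystemDrive%\inetpub\logs\LogFiles.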

7. Enable the Windows auditing function on the machine, because there is never enough data when trying to reconstruct an attacker's actions. With the audit log, you can check for suspicious behavior by running a script and then sending a report to the administrator. This may sound a bit extreme, but if your company takes security seriously, this approach is strongly recommended. Set up auditing to report all failed account logon events. Also, just as with the IIS logs, change the default location (c:\winnt\system32\config\secevent.log) to a different one, and make sure you have a backup and keep a copy of it.
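The "script that checks the audit log and mails a report" that step 7 describes. This is an added example, not the article's own script: it assumes a current Windows Server, where a failed logon is Security event ID 4625 (the IIS 4/5-era systems the article targets used ID 529 in secevent.log), an SMTP relay named smtp.example.internal, and placeholder mail addresses.

```powershell
# Added example (not from the original article): enable failure auditing for logons and report
# failed logon events from the Security log to the administrator.
# Assumptions (placeholders): event ID 4625 (modern Windows), SMTP relay 'smtp.example.internal'.

# 1. Audit policy: record failed logon attempts (needs an elevated prompt).
auditpol /set /subcategory:"Logon" /failure:enable | Out-Null

# 2. Collect failed logons from the last 24 hours.
$Since  = (Get-Date).AddHours(-24)
$Events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $Since } `
                       -ErrorAction SilentlyContinue

# 3. Pull account, source address and status out of each event and group repeated attempts
#    so that one source hammering many accounts (or one account) stands out at the top.
$Summary = $Events | ForEach-Object {
    $Xml  = [xml]$_.ToXml()
    $Data = @{}
    foreach ($Field in $Xml.Event.EventData.Data) { $Data[$Field.Name] = $Field.'#text' }
    [pscustomobject]@{
        Time    = $_.TimeCreated
        Account = $Data['TargetUserName']
        Source  = $Data['IpAddress']
        Status  = $Data['Status']
    }
} | Group-Object Account, Source | Sort-Object Count -Descending |
    Select-Object Count, @{ n = 'Account, Source'; e = { $_.Name } }

# 4. Mail the report only when there is something to report.
if ($Summary) {
    $Body = $Summary | Format-Table -AutoSize | Out-String
    Send-MailMessage -SmtpServer 'smtp.example.internal' `
        -From 'iis-audit@example.internal' -To 'admin@example.internal' `
        -Subject "Failed logons on $env:COMPUTERNAME since $Since" -Body $Body
}
```

Schedule it daily. Grouping by account and source address is the design choice that matters: a handful of failures spread across users is normal noise, while a single source with a high count is what the report should surface first.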

8. Read more security articles (from various sources). It is best to understand IIS as thoroughly as possible and to implement a comprehensive security approach, rather than just following what others (such as me) tell you from experience.

9. Join the IIS vulnerability mailing list and read it to stay up to date. This list includes the X-Force Alerts and Advisories from Internet Security Systems.

10. Finally, make sure you run Windows Update frequently and double-check that each patch is actually installed.

Copyright © Windows knowledge All Rights Reserved