Web services are the part of any network most vulnerable to attack. Perhaps you are using the most popular Web server, Microsoft's Internet Information Services (IIS). Although the recent release of IIS 6 enhances security, it is not a panacea. You can take five simple steps to make your IIS 6 server safer.
Enable only the IIS components that your business requirements call for
One of the changes in IIS 6 is that, by default, IIS enables only the essential static web content service. Take care to keep this configuration and turn on only the services you really need.
Strictly limit the access granted to the IUSR_systemname account
Many applications running on the server use the IUSR (Internet user) account to interact with the system on behalf of unauthenticated network users. Limit the privileges of this account to the operations the server actually needs.
Apply security patches automatically with Automatic Updates
Although the new version of IIS is a significant improvement over previous versions in terms of security, if history repeats itself (as it so often seems to with Microsoft), one or more security patches will follow soon after the release of version 6. Enable automatic updates to ensure that you receive those patches as soon as possible.
Use Rapid-Fail Protection
The most notable feature of the new version of IIS is Rapid-Fail Protection. It protects the security and performance of your server against events, such as failures or malicious attacks, that recur within a very short period of time. When this happens, the Web Administration Service shuts down the application pool to prevent further failures, and the application remains unavailable until an administrator deals with it.
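As an added example (not from the original article or from Microsoft), the following VBScript audits the Rapid-Fail Protection settings of every application pool through the IIS ADSI provider. The thresholds of 5 failures within 5 minutes, the script name and the /fix switch are assumptions chosen for illustration.

```vbscript
' Added example: audit Rapid-Fail Protection on each IIS 6 application pool.
' Run on the server:  cscript //nologo rfp-audit.vbs [/fix]
Option Explicit

' Assumed policy values for illustration; tune them to your environment.
Const WANT_MAX_CRASHES = 5   ' worker-process failures tolerated...
Const WANT_INTERVAL    = 5   ' ...within this many minutes

Dim fix, pools, pool, problems, findings
fix = False
If WScript.Arguments.Count > 0 Then fix = (LCase(WScript.Arguments(0)) = "/fix")
findings = 0

' The AppPools container in the IIS metabase, reached through the ADSI provider.
Set pools = GetObject("IIS://localhost/W3SVC/AppPools")

For Each pool In pools
    If pool.Class = "IIsApplicationPool" Then
        problems = ""
        ' Protection switched off: repeated crashes never disable the pool.
        If Not pool.RapidFailProtection Then problems = problems & " disabled;"
        ' A higher crash limit or a shorter window makes the trigger harder to reach.
        If pool.RapidFailProtectionMaxCrashes > WANT_MAX_CRASHES Then _
            problems = problems & " MaxCrashes=" & pool.RapidFailProtectionMaxCrashes & ";"
        If pool.RapidFailProtectionInterval < WANT_INTERVAL Then _
            problems = problems & " Interval=" & pool.RapidFailProtectionInterval & "min;"

        If problems = "" Then
            WScript.Echo "OK    " & pool.Name
        Else
            findings = findings + 1
            WScript.Echo "WEAK  " & pool.Name & ":" & problems
            If fix Then
                pool.RapidFailProtection = True
                pool.RapidFailProtectionMaxCrashes = WANT_MAX_CRASHES
                pool.RapidFailProtectionInterval = WANT_INTERVAL
                pool.SetInfo   ' write the changes back to the metabase
                WScript.Echo "      corrected"
            End If
        End If
    End If
Next

' A non-zero exit code lets a scheduled job or monitoring wrapper flag the host.
If findings > 0 And Not fix Then WScript.Quit 1
```

Without /fix the script only reports, so it can run as a scheduled check before any setting is changed.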
Strictly restrict remote management
It's great to be able to manage servers from anywhere, but you need to make sure that only authorized users can do so. You should require all remote administrators to log in from static IP addresses, and accept logins only from a pre-specified list of trusted IP addresses. You should also use strong authentication.
Although this is not a complete list of the steps you should take, these five simple measures can immediately improve the security posture of your IIS server. Visit Microsoft's IIS security center to learn more about IIS security.