10 steps to protect an IIS web server


Problem

IIS (Internet Information Services) is a favourite target for attackers, so locking it down is a critical part of administering an IIS web server. The default configuration of IIS 4.0 and IIS 5.0 leaves many weaknesses in place, which is why the hardening steps below matter.

Solution

Protect IIS with the following 10 steps:

1. Create a separate NTFS volume (drive) dedicated to IIS applications and data. If at all possible, give IUSR_<machine> (the IIS anonymous account) and any other anonymous account no access to any other volume. If the application then fails because anonymous users cannot reach programs on other volumes, use Sysinternals FileMon to identify exactly which file is being denied and move that program onto the IIS volume. If that is not possible, grant IUSR access to that one file only, not to the whole volume.

2. Set NTFS permissions on that volume:
Developers = Full Control
IUSR_<machine> = Read & Execute only
SYSTEM and Administrators = Full Control
If the application must write somewhere (uploads, a local database file), grant IUSR Write on that specific folder only, never on directories that hold scripts or executables.

3. Use a host-based (software) firewall to make sure end users can reach nothing on the IIS computer except TCP port 80 (plus 443 if the site serves HTTPS).

4. Harden the server with Microsoft's own tools, IIS Lockdown and URLScan. IIS Lockdown disables the services and script mappings your site does not use; URLScan is an ISAPI filter that rejects requests by verb, file extension and suspicious URL sequence before IIS processes them.

5. Enable IIS logging. In addition to the IIS logs, enable logging on the firewall wherever possible.

6. Move the log files away from the default location (%SystemRoot%\system32\LogFiles) and make sure they are backed up. Keep a duplicate copy of the logs in a second location so that a copy survives if an attacker alters or deletes the originals.

7. Enable Windows auditing on the computer: when we try to reconstruct what an attacker did, we almost always lack data. With the audit log in place you can even run a script that looks for suspicious behaviour and sends a report to the administrator. That may sound extreme, but if security matters to your organisation it is the best option. At a minimum, audit logon events so that every failed account logon is recorded and reported. As with the IIS log files, move the Security event log away from its default location (c:\winnt\system32\config\SecEvent.Evt; the path is set by the File value under HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security) and make sure it is backed up and duplicated.

8. In general, seek out security guidance from several independent sources and follow it. Make sure you understand the reasoning behind any IIS security advice yourself rather than simply taking someone's word for it (mine included).

9. Subscribe to an IIS vulnerability mailing list and read it promptly. One such list is X-Force Alerts and Advisories from Internet Security Systems.

10. Finally, apply Windows updates regularly and verify that each patch was actually installed successfully.
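Steps 4, 5 and 7 fit together: URLScan rejects certain requests, IIS logging records what was asked for, and a script audits the log and reports suspicious clients. The following Python script is an added example of such an audit script, not code from the original article or from Microsoft's tools. It parses constructed IIS 5.0-style W3C extended log lines (not real traffic) and flags the request classes URLScan is designed to reject: verbs outside an allow list, denied file extensions, dangerous path sequences and double-encoded URLs. The allow and deny lists are illustrative, modelled on the shape of URLScan.ini sections rather than copied from the tool, so adjust them to your own policy.

```python
"""Audit IIS W3C extended log lines for requests URLScan-style rules would
reject and pick out the clients worth reporting to the administrator.
Added example; the policy lists are illustrative, not URLScan's real defaults."""
import posixpath
from collections import Counter
from urllib.parse import unquote

# Illustrative policy (assumption: shaped like URLScan.ini's [AllowVerbs],
# [DenyExtensions] and [DenyUrlSequences] sections, values chosen for the demo).
ALLOWED_VERBS = {"GET", "HEAD", "POST"}
DENIED_EXTENSIONS = {".ida", ".idq", ".htr", ".htw", ".idc", ".printer",
                     ".shtm", ".shtml", ".stm", ".exe", ".bat", ".cmd", ".com"}
DENIED_SEQUENCES = ("..", "./", "\\", ":")

# Constructed sample in the W3C extended format IIS 5.0 writes: the #Fields
# directive names the columns, values are single-space separated. Not real traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2001-09-18 10:00:00
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2001-09-18 10:00:01 192.0.2.10 GET /default.htm - 200 Mozilla/4.0
2001-09-18 10:00:02 192.0.2.10 GET /images/logo.gif - 200 Mozilla/4.0
2001-09-18 10:00:05 198.51.100.7 GET /scripts/..%255c../winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 10:00:06 198.51.100.7 GET /default.ida - 200 -
2001-09-18 10:00:07 198.51.100.7 GET /msadc/..%c0%af../winnt/system32/cmd.exe /c+dir 404 -
2001-09-18 10:00:08 198.51.100.7 GET /NULL.printer - 404 -
2001-09-18 10:00:09 198.51.100.7 PROPFIND / - 405 -
2001-09-18 10:00:10 203.0.113.5 POST /login.asp - 302 Mozilla/4.0
"""


def parse_w3c(text):
    """Turn W3C extended log text into dicts keyed by the #Fields names."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line.startswith("#") or not line.strip():
            continue  # other directives (#Software, #Date, ...) or blank line
        elif fields is None:
            raise ValueError("log data appears before a #Fields directive")
        else:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or corrupt lines
                rows.append(dict(zip(fields, values)))
    return rows


def classify(row):
    """Return the reasons a request would have been rejected (empty if none)."""
    reasons = []
    method = row.get("cs-method", "")
    if method not in ALLOWED_VERBS:
        reasons.append(f"verb {method} not in allow list")
    raw = row.get("cs-uri-stem", "")
    once = unquote(raw)      # what one URL decode yields
    twice = unquote(once)    # if a second decode changes anything, the
    if twice != once:        # client double-encoded the path
        reasons.append("double-encoded URL")
    for seq in DENIED_SEQUENCES:  # test the fully normalised path
        if seq in twice:
            reasons.append(f"sequence {seq!r} in path")
    ext = posixpath.splitext(twice)[1].lower()
    if ext in DENIED_EXTENSIONS:
        reasons.append(f"extension {ext} denied")
    return reasons


def scan(text):
    """Return (findings, rejected requests per client, 4xx/5xx responses per client)."""
    findings, hits, errors = [], Counter(), Counter()
    for row in parse_w3c(text):
        ip = row["c-ip"]
        if row["sc-status"][:1] in ("4", "5"):
            errors[ip] += 1
        reasons = classify(row)
        if reasons:
            findings.append((ip, row["cs-method"], row["cs-uri-stem"], reasons))
            hits[ip] += 1
    return findings, hits, errors


def clients_to_report(text, threshold=3):
    """Clients with at least `threshold` rejected requests, most active first."""
    _, hits, _ = scan(text)
    return [ip for ip, n in hits.most_common() if n >= threshold]


if __name__ == "__main__":
    findings, hits, errors = scan(SAMPLE_LOG)
    for ip, method, stem, reasons in findings:
        print(f"{ip:15} {method:8} {stem}\n{'':24}{'; '.join(reasons)}")
    for ip in clients_to_report(SAMPLE_LOG):
        print(f"REPORT {ip}: {hits[ip]} rejected requests, {errors[ip]} error responses")
```

Run it against your own log files by reading them into `scan()` in place of SAMPLE_LOG; the report stage is where you would hook in e-mail or pager notification to the administrator, and the threshold keeps a single mistyped URL from paging anyone. Note that the script decodes the path twice before checking it, because a single decode is exactly what the double-encoding trick in the third sample line is designed to slip past.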

Copyright © Windows knowledge All Rights Reserved