IIS 6.0 Best Practice - A Joke?
July 22nd, 2005
Microsoft has released a list of best practices for IIS 6.0 and, well, just take a look…
Log on with the least credentials. Log on to your computer using an account that is not in the Administrators group, and then use the Run as command to run IIS Manager as an administrator.
Okay, this makes sense and I’m sure a lot of administrators don’t do this, so we’ll let this one slide…
Reduce the attack surface. Disable all services you do not need, including IIS services such as FTP, NNTP or SMTP. If a feature or service is not enabled, then there is no need to secure it.
umm, duh?
Do not download or run programs from untrusted sources. Programs can contain instructions to violate security in a number of ways including data theft, denial of service, and data destruction.
I really doubt Windows admins need to be told this…
Keep virus scanners up to date. Virus scanners frequently identify infected files by scanning for a signature that is a known component of a previously identified virus. The scanners keep these virus signatures in a signature file, which is usually stored on the local hard disk. Because new viruses are discovered frequently, this file should also be updated frequently for the virus scanner to easily identify all current viruses.
Common Sense…
After those first few, though, they do provide some good ones that I am sure many administrators do not do. So if you run an IIS server, be sure to check out Microsoft’s IIS 6.0 Best Practices.