Windows > Server Security & Hardening

Secure Files and Directories in IIS

(1/1)

nirmal:
Hi all,

How to secure Files and Directories                         
               
Use multiple disks or partition volumes and do not install the Web server home directory on the same volume as the operating system folders.         
Contain files and directories on NTFS volumes.                            
Put Web site content on a non-system NTFS volume.                            
Create a new site and disable the default site.                            
Put log files on a non-system NTFS volume but not on the same volume where the Web site content resides.
Restrict the Everyone group (no access to \WINNT\system32 or Web directories).                         Ensure Web site root directory has deny write ACE for anonymous Internet accounts.                   
Ensure content directories have deny write ACE for anonymous Internet accounts.                         Remove remote IIS administration application (\WINNT\System32%#92;Inetsrv\IISAdmin).                   
Remove resource kit tools, utilities and SDKs.                            
Remove sample applications (\WINNT\Help\IISHelp, \Inetpub\IISSamples).                            
Remove IP address in header for Content-Location.

Thank you

Navigation

[0] Message Index