Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Best Practices For Securing IIS ??

Status
Not open for further replies.
beefeater267

beefeater267

Programmer
Apr 6, 2005
79
0
0
Hi,

I recently opened up my web server to the world and checked the logs after 1 hour and saw what looks like security threats. (Random IPs trying to GET wierd files).

Does anyone have any best practices tips for securing IIS against attacks?

 
Sort by date Sort by votes
use anonymous access on everything... and the account used for anonymous access is a local account with no privilages to the rest of your network, so that way if the account is compromised only the web server can be harmed. actually it is best if this local account only has permissions to the \inetpub directory and nothing else on the computer. also make sure to disable/delete the IISAdmin, IISHelp, and IISSamples virtual directories that are created often by default installation.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ravalos
  • Question
Problem with PDFs in IIS
Replies
1
Views
236
gbaughma
gbaughma
Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
101
gbaughma
gbaughma
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
141
DrB0b
DrB0b
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
129
gbaughma
gbaughma
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
87
mangentle
mangentle

Part and Inventory Search

Sponsor

Back
Top