Member
Hi everybody,
I am using IIS as a web server, But it contest has been a disadvantage. The default under Windows NT is installed as an open server, even the hacker can succeed. But as long as I want to know the steps for improve the security of IIS. Please suggest. Thanks in advance.
Member
You need to install IIS, the system to establish a prefix is IWAM_ (an early version is IUSR_) account, the account belongs to Guest group, be able to access the Guest group and the Everyone group permissions to all files. Missing in the province Installation, 90% of the system files can be the user access. It seems a solution is to remove all of the everyone group permission, but in fact doing so will not work. Because IIS is not only to access the HTML file, also called Script and ActiveX controls, DLL also involved the implementation of the abolition of all system in the Everyone group permission to make such kind of problems. So, you want to use some system security tools. All the best.
Member
You need to install the System Security Tools. Familiar with the following NT system's own security tools is very important:
# User Manager (usrmgr.exe)
# IIS 4.0: Microsoft management console (MMC.EXE)
# IIS 3.0: Internet service manager (INETMGR.EXE)
# Registry editor (REGEDT32.EXE)
# Command line ACL editor (CACLS.EXE)
This tool may know a few people, but also NT own, used to manage access control list (ACL).
All the best.
Member
You need to use a dedicated Web security group.
(1) With the user manager to establish a local group called the WWW
(2) Will IWAM_ account from the Guests group, delete, add WWW Group
(3) Gives WWW group "access this computer from the network" permissions, so that IIS can perform a local logon operations
(4) restart WWW service
(5) In the Web root directory, the implementation of the command-line operation.
Check and reply.
Member
You need to remove the Everyone group from IIS. After the completion of the above operations, Internet users can only view allowed by the file. But this is not enough, because the everyone group also exist, and now everyone needs to group all the files from your computer to clear out. However, everyone clear the group does not like the thought that simple. The default, many Microsoft DLL file in the ACL only out everyone in the group. If you hit a pole in the end, these DLL file is that no one can visit. Delete everyone because a group, ACL on the empty, empty ACL means that any visitor does not have permission. All the best.
Member
If your system includes a database or ActiveX, such as search engines, guest book or something, you will need execution:
At this time, you may find from the Web, are still unable to update the guest book, or even a database read operations can be implemented. If this occurs, you must connect to the database using ODBC. The problem lies in the ODBC of the temporary file. When the ODBC established, the system creates a temporary file record locking information. The default, these files are stored in the system32 directory. Internet user is not present in the directory to write and create permissions. Better solution is to specify a different directory of Internet users have permission to store the temporary files ODBC. All the best.Code:CACLS / T / E / C / G WWW: C
Posting Permissions
Reply With Quote
Bookmarks