What are the points should be considered while securing IIS web server?

Usually, the majority of Web site design goals are: the most vulnerable in a manner acceptable for visitors to provide immediate access to information. In the past few years, an increasing number of hackers, viruses and worms, security issues arising from a serious impact on Web site accessibility, even though Apache servers are often targets for attackers, but Microsoft's Internet Information Services (IIS) Web server are the real sense of the target of public criticism. So I need to know the points that should be considered for protecting IIS web server.

The first time you have to update all of the upgrades in a timely manner, and to lay all the patches for the system. To consider all of the updates downloaded to your network on a dedicated server and the machine on the Web-released them in the form of the document. Through these work, you can prevent your Web server to accept direct Internet access.

This tool has many practical advantages, however, please use this tool carefully. If your Web server and other servers interact, first test the preventive tool to make sure it has been correctly configured to ensure that it will not affect the Web server and the communication between other servers. The easiest way to access a computer is through the FTP access. FTP itself is designed to meet the simple read / write access, if you implement authentication, you will find your user name and password through the form of clear text transmission on the network. SMTP is another folder to allow write permissions. By disabling the two services, you can avoid further hacking

Many of the attacks were aimed at inetpub this folder, and placed inside a number of attack tools, resulting in paralysis of the server. To prevent this attack is the easiest way to IIS Lane will be the default site is disabled. Then, as Wang Chongmen through IP address to access your site (they may need to access hundreds of thousands of day, IP address), their request may be trouble. Your actual Web site points to a folder in the back partition, and must include the NTFS security permissions (NTFS in the later part of the detail).

I have recently entered the classroom, from the event viewer found a lot of potential hackers. He or she entered the lab domain structures deep enough, so that any user can run the password cracking tool. If you have users weak passwords (for example, "password" or changeme "or any dictionary words), then the hacker can quickly and simply the invasion of these users account. If the network administrator is the only Web server has write access to people, there is no reason to allow any shares exist. Sharing is the greatest temptation to hackers. In addition, by running a simple loop batch file, hackers can view a list of IP addresses, use the command for Everyone / Full Control permissions to the share.

Disable TCP / IP protocol in the NetBIOS: This is cruel. Many users want to access through the Web server UNC path name. With the NETBIOS is disabled, they cannot do it. On the other hand, with the NETBIOS is disabled, hackers cannot see your LAN resources. This is a double-edged sword, if the network administrator to deploy this tool, the next step is how to educate Web users how to NETBIOS case of failure messages.