How to enhance WEB server, IIS 5 security

[Lawford]

Web services in any network are the most vulnerable to attack. Maybe you are using the most popular Web server, Microsoft's Internet Information Server (IIS). Despite the recent release of IIS 6.0 enhances security, but it is not a panacea. Therefore, I need to know how to enhance WEB server, IIS 5 security. I will be waiting for the related replies.

[deveritt]

Using IIS only the components relevant to the needs and related to business. One of IIS 6.0 changes, IIS is only used by default static Web services indispensable. Pay attention to maintaining this configuration, only the services you really need to open.

[Techguru01]

Assigned to the IUSR_systemname severely restricted access to the account. Running many applications on the server calls IUSR (Internet users) account, on behalf of unauthorized network users to interact with the system. This actually limits the account to the server, the operation of the necessary permissions.

[johnson22]

Real-time updates using the automatic update security patch. While the new version of the previous versions in terms of security there is a significant improvement, if history repeats itself (Microsoft often seems the case), the release of version 6.0 will soon because of security reasons there is one or more patches. To enable automatic updates to ensure you receive the patch as soon as possible.

[Jackson2]

The new version of the most notable feature is that you can enable the Rapid-Fail Protection (Rapid-Fail Protection) function. This will make your server from the impact of security incidents and performance, usually in a very short period of time caused by failure of the process too many times, such as failures or malicious attacks. When this happens, the network management services to close the application pool, to prevent further failures occur, so that the application is not available until the administrator after treatment.

[Techno01]

Strict limits for remote management. In any management server can be a great place, but you have to ensure that only authorized users can be the case. You should require all remote administrators to use a static IP address to log in and log on to limit the security of pre-specified IP addresses. You should use strong authentication.