Securing IIS on a Windows server 2003

755 pts.
Tags:
IIS
IIS configuration
Microsoft Windows
Microsoft Windows Server 2003
Security
Windows Server 2003 security
How can I harden or configure IIS on a Windows server 2003 to be as secure as possible? It is hosting a admin site and that is all for now. We are running McAfee 8.7.1

Answer Wiki

Thanks. We'll let you know when a new response is added.

for my side, we actually harden the servers and patch the servers (windows) and IIS.

If there is any FTP sites, remove the Anonymous Login too

———-

Setting the site to only support HTTPS and requiring Windows Authentication is usually a good thing as well.

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Subhendu Sen
    To hardening IIS on windows 2003 1. Start IIS Manager or open the IIS snap-in. 2. Expand Server_name, where Server_name is the name of the server, and then expand Web Sites. 3. In the console tree, right-click the Web site, virtual directory, or file for which you want to configure authentication, and then click Properties. 4. Click the Directory Security or File Security tab, and then under Anonymous and access control, click Edit. 5. Click to select the check box next to the authentication method or methods that you want to use, and then click OK. Another type of hardening is based on the requesting host instead of on user credentials. You can limit access based on source IP address, source network ID, or source domain name. To configure this : 1. Under IP Address and Domain Name Restrictions, click Edit. 2. Do one of the following: a) To deny access, click Granted Access, and then click Add. In the Deny Access On dialog box that appears, specify the option that u want, and then click OK. The computer, group of computers, or domain that you specified is added to the list. b) To grant access, click Denied Access, and then click Add. In the Grant Access On dialog box that appears, select the option that u want, and then click OK. The computer, group of computers, or domain that u selected is added to the list. 3. Click OK. Now quit IIS Manager or close the IIS snap-in.
    29,710 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following