IIS 5.0 Security Checklist

November 27, 2006 / Web Hosting

The Windows section of the forum needs some work considering the fact that we operate on both Linux and Windows servers, of course compensating for the number difference among them.

Hence I would like to take the opportunity presented by the forum to start a topic on Security in IIS. I hope it interests all of you enough to put in some postings of your own.

Let’s start with the simplest of things to be undertaken to implement a secure Site in IIS

  1. Configure IPSec Policy
  2. Secure the Telnet Server
  3. Disable NetBIOS over TCP/IP
  4. Use the security template Hisecweb.inf to configure basic Windows 2000 system wide policy.

Hisecweb.inf template is used as a baseline applicable to most secure Web sites.

Of course, due considerations need to be given to the functionality and security issues. This is important as with an increase in security, there is a corresponding decrease in functionality. These issues should be sorted and chalked out before any security arrangement is implemented. Hope you enjoyed reading it. You can get in touch with the bodHOST support team at any anytime.