The goal for this phase of the review is to identify vulnerabilities in the configuration of the base operating system on your Web server. This does not include IIS configuration, which is dealt with separately. For further background information about the issues raised by the review questions in this section, see Chapter 16.
To help focus and structure the review process, the review questions have been divided into the following configuration categories:
Patches and updates
Files and directories
Auditing and logging
Verify that your server is updated with the latest service packs and software patches. You need to separately check operating system components and ...