By reviewing and improving the security of IIS configuration settings, you are in effect reducing the attack surface of your Web server. For more information about the review points covered in this section, see Chapter 16.
The review questions in this section have been organized by the following configuration categories.
Sites and virtual directories
The IISLockdown tool identifies and turns off features to reduce the IIS attack surface area. To see if it has been run on your server, check for the following report generated by IISLockdown:
For more information about IISLockdown, see "How To: Use IISLockdown" in the "How To" ...