Locking Down IIS

For Web applications using IIS, ensure that Windows is secured by following the fundamental lockdown principles and both the Windows client lockdown and Windows server lockdown steps. The following sections apply to both IIS and ASP.NET.

Disable Unnecessary Internet Services

A full IIS installation might include SMTP (for mail), the FTP service, Microsoft FrontPage server extensions, MSMQ (Microsoft Message Queuing), NNTP (Network News Transfer Protocol), and the World Wide Web publishing service (for hosting Web sites). Each of these services increases the attack surface of your server. You’d be very wise to disable the services that aren’t in use. The IIS Lockdown tool will disable services based on the server role you choose. ...

Get Security for Microsoft® Visual Basic® .NET now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Security for Microsoft® Visual Basic® .NET by

Locking Down IIS

Disable Unnecessary Internet Services

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly