IIS 7.0, much like its predecessor, comes with secure defaults that minimize the risk of exploits against the Web server. As you deploy your applications to the Web server and change configuration, you should familiarize yourself with the configuration and features to make sure that you do not introduce any threats to the Web server. In this chapter, you have reviewed the security changes and new security features in IIS 7.0 that can help you maintain the security of the Web server.

Unfortunately, history has shown that most Web server exploits are directed at the application running on the Web server rather than at the Web server itself. Applications are often tested less rigorously then the Web server features and are often designed with ...