Best Practices
Ensure that the base operating system is secure. The operating system must be secure on a server hosting the IIS service. If the operating system—including its services, user accounts, files system, or registry—is not secure, IIS is susceptible to vulnerabilities caused by the poor operating system security configuration.
Implement the strongest form of user authentication supported by users connecting to an IIS server. Weak authentication configuration can lead to the compromise of a user’s domain account and password. By enforcing strong authentication methods—be they integrated Windows or certificate-based methods—you provide the strongest protection of user credentials.
Assign the minimum required permissions for Web sites. ...
Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
