Defenses Against IIS Attacks
Many of the attacks we have explored in this chapter have various levels of impact, depending on how IIS is implemented and the conditions present within the deployment architecture. Although Microsoft has begun to tighten down the default configuration of IIS over the last few releases, there are still considerations that should be explored before moving a freshly installed IIS server from a staging environment into a production environment. Some of these considerations are simple to address and implement and others may require a good long look at the architecture of your network and Web applications. At a minimum, organizations should review the following recommendations and implement them accordingly; however, ...
Get Seven Deadliest Microsoft Attacks now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
