Important checklist (Microsoft recommendations)
Services
- Unnecessary Windows services are disabled.
- If the FTP, SMTP and NNTP services are not required, they are disabled.
- Services run under least-privileged accounts.
- The Telnet service is disabled.
Protocols
- WebDAV is disabled if the application does not use it; if it is required, it is secured.
- The TCP/IP stack is hardened. NetBIOS and SMB are disabled (closing ports 137, 138, 139 and 445).
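The Services and Protocols items above are easy to check mechanically. The script below is an added example, not part of the original article or of Microsoft's checklist: it audits the local host for those items and, only when run with -Remediate, disables the unneeded services and NetBIOS over TCP/IP. The service names (ftpsvc, SMTPSVC, NntpSvc, TlntSvr) and the IIS-WebDAV feature name are the standard Windows names; SMB is reported but not disabled, because stopping the LanmanServer service also removes the administrative shares that the article notes SMS and MOM depend on.

```powershell
# Added example (not from the original article): read-only audit of the
# Services and Protocols checklist items on the local Windows host.
# Assumptions: Windows PowerShell 5.1 or later, run elevated; the service
# names below are the standard names for FTP (ftpsvc), SMTP (SMTPSVC),
# NNTP (NntpSvc) and Telnet (TlntSvr); WebDAV is the IIS-WebDAV feature.
param([switch]$Remediate)   # without -Remediate the script only reports

$findings = New-Object System.Collections.Generic.List[string]

# 1. Services the checklist says to disable when they are not required.
$unneeded = 'ftpsvc', 'SMTPSVC', 'NntpSvc', 'TlntSvr'
foreach ($name in $unneeded) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { continue }          # not installed: nothing to do
    if ($svc.StartType -ne 'Disabled' -or $svc.Status -eq 'Running') {
        $findings.Add("service $name is $($svc.Status), start type $($svc.StartType)")
        if ($Remediate) {
            Stop-Service -Name $name -Force -ErrorAction SilentlyContinue
            Set-Service  -Name $name -StartupType Disabled
        }
    }
}

# 2. Least-privileged service accounts: flag services that run as LocalSystem
#    from a binary outside %SystemRoot% (typical of third-party/custom services).
Get-CimInstance Win32_Service |
    Where-Object { $_.StartName -eq 'LocalSystem' -and
                   $_.PathName -notmatch [regex]::Escape($env:SystemRoot) } |
    ForEach-Object { $findings.Add("service $($_.Name) runs as LocalSystem from $($_.PathName)") }

# 3. NetBIOS over TCP/IP: TcpipNetbiosOptions 2 = disabled, per adapter.
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Where-Object { $_.TcpipNetbiosOptions -ne 2 } |
    ForEach-Object {
        $findings.Add("NetBIOS over TCP/IP enabled on adapter $($_.Description)")
        if ($Remediate) {
            Invoke-CimMethod -InputObject $_ -MethodName SetTcpipNetbios `
                -Arguments @{ TcpipNetbiosOptions = 2 } | Out-Null
        }
    }

# 4. SMB ports 139/445 should not be listening on a hardened web server.
#    Reported only: disabling LanmanServer also removes C$/Admin$, which the
#    article notes SMS and MOM require.
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { ($_.LocalPort -in @(139, 445)) } |
    ForEach-Object { $findings.Add("SMB port $($_.LocalPort) is listening on $($_.LocalAddress)") }

# 5. WebDAV: the IIS-WebDAV optional feature should be absent unless required.
$webdav = Get-WindowsOptionalFeature -Online -FeatureName IIS-WebDAV -ErrorAction SilentlyContinue
if ($webdav -and $webdav.State -eq 'Enabled') { $findings.Add('IIS WebDAV publishing is enabled') }

if ($findings.Count -eq 0) { 'Services/protocols: compliant' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Run it without switches first and review the findings; the LocalSystem check in step 2 is a heuristic that lists candidates for a less privileged account rather than a definitive verdict.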
Accounts
- The Guest account is disabled.
- Null sessions (anonymous logons) are disabled.
- Strong account and password policies are enforced.
- If your application requires anonymous access, a custom anonymous account is created.
- Unused server accounts are deleted.
- Accounts are not shared among administrators.
- The "Access this computer from the network" user right is removed from the Everyone group.
- Approval is required for the delegation of accounts.
- Users and administrators do not share accounts.
- Remote connections are kept to a minimum.
- The anonymous account has no write access and cannot run command-line tools in the Web content directory.
- The Administrators group contains no more than two accounts.
- If the application does not use it, the IUSR_machine account is disabled.
- Administrators must log on locally, or the remote administration solution is secured.
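The account items can also be verified from the host itself. The following script is an added example (not from the original article or from Microsoft) that checks the Guest account, the size of the Administrators group, null-session restrictions, the password and lockout policy, and the "Access this computer from the network" right. It assumes Windows 10 / Server 2016 or later (for the LocalAccounts module), an English-locale system (the net accounts output is parsed by label text), and that it runs elevated.

```powershell
# Added example (not from the original article): audits the Accounts items.
# Assumptions: Windows PowerShell 5.1+ with Microsoft.PowerShell.LocalAccounts
# (Windows 10 / Server 2016 and later), English locale, run elevated.
$findings = New-Object System.Collections.Generic.List[string]

# Guest account is disabled (built-in Guest always has RID 501).
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
if ($guest -and $guest.Enabled) { $findings.Add('Guest account is enabled') }

# No more than two accounts in the Administrators group.
$admins = @(Get-LocalGroupMember -Group 'Administrators')
if ($admins.Count -gt 2) {
    $findings.Add("Administrators group has $($admins.Count) members: $($admins.Name -join ', ')")
}

# Null sessions (anonymous logons) are disabled: RestrictAnonymous = 1 and
# RestrictAnonymousSAM = 1 under the LSA key.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
foreach ($v in 'RestrictAnonymous', 'RestrictAnonymousSAM') {
    if ($lsa.$v -ne 1) { $findings.Add("$v is $($lsa.$v), expected 1") }
}

# Strong password and lockout policy, read from the built-in net accounts tool.
$policy  = net accounts
$minLen  = [int](($policy | Select-String 'Minimum password length').Line -replace '\D', '')
if ($minLen -lt 8) { $findings.Add("minimum password length is $minLen (expected 8 or more)") }
$lockout = ($policy | Select-String 'Lockout threshold').Line
if ($lockout -match 'Never') { $findings.Add('account lockout threshold is Never') }

# "Access this computer from the network" (SeNetworkLogonRight) must not be
# granted to Everyone (S-1-1-0). secedit exports the assignments as *SID lists.
$cfg = Join-Path $env:TEMP 'secpol-export.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$netLogon = (Get-Content $cfg | Select-String '^SeNetworkLogonRight').Line
if ($netLogon -match '\*S-1-1-0') { $findings.Add('Everyone has "Access this computer from the network"') }
Remove-Item $cfg -ErrorAction SilentlyContinue

if ($findings.Count -eq 0) { 'Accounts: compliant' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

The secedit export lists rights by SID rather than name, which is why the check looks for the literal Everyone SID; the same file also exposes the other user rights if you want to extend the check.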
Files and directories
- Files and directories are stored on NTFS volumes.
- The Web site root directory has a deny-write ACE for anonymous Internet accounts.
- The Everyone group is restricted (no access to \WINNT\system32 or Web directories).
- Administrative shares (C$ and Admin$) are removed when not required (they are needed by Microsoft Management System (SMS) and Microsoft Operations Manager (MOM)).
- Resource kit tools, utilities and SDKs are removed.
- Access to required shares is restricted (the Everyone group has no access).
- Sample applications are deleted.
- The site content is stored on a non-system NTFS volume.
- Remote administration applications are removed.
- Content directories have a deny-write ACE for anonymous Internet accounts.
- Log files are stored on an NTFS volume, and not on the same volume where the site content resides.
- Any unwanted shares (including default administrative shares) are removed.
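The volume, ACL and share items in this section are the ones most often found drifting after deployment, so here is an added example (not from the original article or from Microsoft) that checks them and, with -Remediate, adds the deny-write ACE. It assumes IIS 7 or later, where the anonymous account is IUSR; the content and log paths are placeholders passed as parameters, and Get-Volume / Get-SmbShare need Windows 8 / Server 2012 or later.

```powershell
# Added example (not from the original article): checks the Files and
# Directories items and, with -Remediate, applies the deny-write ACE.
# Assumptions: IIS 7+ (anonymous account IUSR); D:\Sites\www and E:\IISLogs
# are placeholder paths; Windows 8 / Server 2012 or later; run elevated.
param(
    [string]$ContentRoot = 'D:\Sites\www',
    [string]$LogRoot     = 'E:\IISLogs',
    [switch]$Remediate
)
$findings = New-Object System.Collections.Generic.List[string]
$writeRight = [System.Security.AccessControl.FileSystemRights]::Write

function Get-VolumeInfo([string]$Path) {
    # Drive letter and file system of the volume that holds $Path.
    $letter = (Split-Path -Qualifier $Path).TrimEnd(':')
    [pscustomobject]@{ Letter = $letter; FileSystem = (Get-Volume -DriveLetter $letter).FileSystem }
}

# 1. Content and logs: NTFS, not on the system volume, not on the same volume.
$sysLetter = $env:SystemDrive.TrimEnd(':')
$content = Get-VolumeInfo $ContentRoot
$logs    = Get-VolumeInfo $LogRoot
foreach ($pair in @(@('content', $content), @('logs', $logs))) {
    $label, $v = $pair
    if ($v.FileSystem -ne 'NTFS') { $findings.Add("$label volume $($v.Letter): is $($v.FileSystem), not NTFS") }
    if ($v.Letter -eq $sysLetter) { $findings.Add("$label is on the system volume $($v.Letter):") }
}
if ($content.Letter -eq $logs.Letter) { $findings.Add('log files share a volume with the web content') }

# 2. Web root must carry a deny-write ACE for the anonymous Internet account.
$acl = Get-Acl -Path $ContentRoot
$denyPresent = $acl.Access | Where-Object {
    $_.IdentityReference.Value -like '*\IUSR' -and $_.AccessControlType -eq 'Deny' -and
    (($_.FileSystemRights -band $writeRight) -eq $writeRight)
}
if (-not $denyPresent) {
    $findings.Add("no deny-write ACE for IUSR on $ContentRoot")
    if ($Remediate) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            'IUSR', 'Write', 'ContainerInherit,ObjectInherit', 'None', 'Deny')
        $acl.AddAccessRule($rule)
        Set-Acl -Path $ContentRoot -AclObject $acl
    }
}

# 3. Everyone must have no access to system32 or the web directories.
foreach ($dir in "$env:SystemRoot\system32", $ContentRoot) {
    $everyone = (Get-Acl -Path $dir).Access |
        Where-Object { $_.IdentityReference.Value -eq 'Everyone' -and $_.AccessControlType -eq 'Allow' }
    if ($everyone) { $findings.Add("Everyone has $($everyone.FileSystemRights) on $dir") }
}

# 4. Shares: Everyone has no access to required shares; admin shares are noted.
foreach ($share in Get-SmbShare | Where-Object { -not $_.Special }) {
    $grant = Get-SmbShareAccess -Name $share.Name | Where-Object { $_.AccountName -eq 'Everyone' }
    if ($grant) { $findings.Add("share $($share.Name) grants Everyone $($grant.AccessRight)") }
}
$adminShares = Get-SmbShare | Where-Object { $_.Special -and ($_.Name -in @('C$', 'ADMIN$')) }
if ($adminShares) {
    $findings.Add("administrative shares present: $($adminShares.Name -join ', ') (keep only if SMS/MOM need them)")
}

if ($findings.Count -eq 0) { 'Files/directories/shares: compliant' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

A deny ACE is evaluated before allow ACEs, so the IUSR deny-write rule holds even if a later change grants write access to a group that IUSR belongs to; that is why the checklist asks for an explicit deny rather than just the absence of an allow.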
Ports
- Intranet traffic is encrypted (for example with SSL) or restricted if the data center infrastructure is not secured.
- Internet-facing interfaces are restricted to port 80 (and 443 when SSL is used).
Registry
- Access to the remote registry is restricted.
- The SAM is secured (HKLM\System\CurrentControlSet\Control\LSA\NoLMHash).
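The Ports and Registry sections each reduce to a handful of host-side checks, so one added example (not from the original article or from Microsoft) covers both: it lists anything listening on the Internet-facing address outside the 80/443 allow list, verifies NoLMHash, and reports whether remote registry access is restricted. The Internet-facing address is a placeholder parameter; Get-NetTCPConnection needs Windows 8 / Server 2012 or later.

```powershell
# Added example (not from the original article): checks the Ports and
# Registry items. Assumptions: Windows 8 / Server 2012 or later; 80 and 443
# are the only ports allowed on the Internet-facing interface; the address
# 203.0.113.10 is a documentation-range placeholder.
param([string]$InternetAddress = '203.0.113.10', [int[]]$AllowedPorts = @(80, 443))
$findings = New-Object System.Collections.Generic.List[string]

# Ports: listeners bound to the Internet-facing address, or to all addresses
# (0.0.0.0 / ::), outside the allow list are findings.
Get-NetTCPConnection -State Listen |
    Where-Object { ($_.LocalAddress -in @($InternetAddress, '0.0.0.0', '::')) -and
                   ($_.LocalPort -notin $AllowedPorts) } |
    ForEach-Object {
        $proc = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        $findings.Add("port $($_.LocalPort) listening on $($_.LocalAddress) (process: $proc)")
    }

# Registry: LM hashes must not be stored (NoLMHash = 1 under the LSA key).
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
if ($lsa.NoLMHash -ne 1) { $findings.Add("NoLMHash is $($lsa.NoLMHash), expected 1") }

# Remote registry access restricted: service disabled, or, if it must run,
# the winreg key's ACL must not grant broad groups access.
$rr = Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
if ($rr -and $rr.StartType -ne 'Disabled') {
    $winreg = Get-Acl -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
    $broad = $winreg.Access | Where-Object {
        ($_.IdentityReference.Value -in @('Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users')) -and
        $_.AccessControlType -eq 'Allow'
    }
    if ($broad) {
        $findings.Add("RemoteRegistry is $($rr.StartType) and winreg grants: $($broad.IdentityReference.Value -join ', ')")
    } else {
        $findings.Add("RemoteRegistry service start type is $($rr.StartType) (disable it unless remote administration requires it)")
    }
}

if ($findings.Count -eq 0) { 'Ports/registry: compliant' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Listeners bound to all addresses are included deliberately: a service bound to 0.0.0.0 is reachable on the Internet-facing interface even though it was never explicitly bound there, which is the usual way an administrative port ends up exposed.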
Auditing and logging
- IIS log files are relocated and secured.
- Log files are configured with a suitable size, according to the application's security requirements.
- IIS is configured to audit in the W3C Extended log file format.
- Log files are archived and reviewed periodically.
- Failed logon attempts are audited.
- Access to the Metabase.bin file is audited.
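The logging items map to a few IIS and audit-policy settings. The script below is an added example (not from the original article or from Microsoft) that relocates the site log to a non-system volume in W3C format with a size cap, locks down the log directory, enables failed-logon and file-system auditing, puts a SACL on the IIS configuration store, and archives old logs. It assumes IIS 7 or later with the WebAdministration module and a placeholder log path. Metabase.bin is the IIS 6 and earlier configuration store; IIS 7 and later keep configuration in applicationHost.config, so the script audits whichever file exists.

```powershell
# Added example (not from the original article): configures IIS logging per
# the checklist and enables the auditing items. Assumptions: IIS 7+ with the
# WebAdministration module; E:\IISLogs is a placeholder non-system NTFS path;
# run elevated. MetaBase.bin exists only on IIS 6 and earlier; IIS 7+ uses
# applicationHost.config, so the SACL goes on whichever file is present.
param([string]$LogRoot = 'E:\IISLogs', [string]$SiteName = 'Default Web Site')
Import-Module WebAdministration

# 1. Relocate logs, W3C Extended format, roll over at 100 MB (chosen value).
if (-not (Test-Path $LogRoot)) { New-Item -ItemType Directory -Path $LogRoot | Out-Null }
$site = "IIS:\Sites\$SiteName"
Set-ItemProperty $site -Name logFile.directory    -Value $LogRoot
Set-ItemProperty $site -Name logFile.logFormat    -Value 'W3C'
Set-ItemProperty $site -Name logFile.period       -Value 'MaxSize'
Set-ItemProperty $site -Name logFile.truncateSize -Value 104857600

# 2. Secure the log directory: SYSTEM (HTTP.sys writes the logs) and
#    Administrators only, with inheritance removed.
$acl = Get-Acl -Path $LogRoot
$acl.SetAccessRuleProtection($true, $false)      # stop inheriting, drop inherited ACEs
foreach ($id in 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')))
}
Set-Acl -Path $LogRoot -AclObject $acl

# 3. Audit failed logons, and enable file-system object auditing so SACLs fire.
auditpol /set /subcategory:"Logon" /failure:enable | Out-Null
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 4. SACL on the IIS configuration store: record any attempt to modify it.
$store = "$env:SystemRoot\system32\inetsrv\MetaBase.bin"
if (-not (Test-Path $store)) { $store = "$env:SystemRoot\system32\inetsrv\config\applicationHost.config" }
$audit = Get-Acl -Path $store -Audit
$audit.AddAuditRule((New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone', 'Write,Delete,ChangePermissions,TakeOwnership', 'Success,Failure')))
Set-Acl -Path $store -AclObject $audit

# 5. Archive logs older than 30 days into a dated zip for offline review.
$cutoff = (Get-Date).AddDays(-30)
$old = Get-ChildItem -Path $LogRoot -Recurse -Filter '*.log' | Where-Object { $_.LastWriteTime -lt $cutoff }
if ($old) {
    $zip = Join-Path $LogRoot ('archive-{0:yyyyMMdd}.zip' -f (Get-Date))
    Compress-Archive -Path $old.FullName -DestinationPath $zip -Update
    $old | Remove-Item
    "archived $($old.Count) log files to $zip"
}
```

Step 3 matters more than it looks: a SACL on the configuration file produces no events unless the "File System" audit subcategory is enabled, and the success/failure entries for the IIS store then show up as event ID 4663 in the Security log.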
Server certificates
- Ensure that the certificate's public key is valid, all the way to a trusted root authority.
- Use certificates only for their intended purpose (server certificates are not used for e-mail, for example).
- Ensure that the certificate's date range is correct.
- Confirm that the certificate has not been revoked.
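All four certificate items can be checked in one pass over the HTTPS bindings of each IIS site. The script below is an added example (not from the original article or from Microsoft): it validates the date range, requires the Server Authentication extended key usage, builds the chain to a trusted root with online revocation checking, and reports per binding. It assumes IIS 7 or later with the WebAdministration module, certificates in the LocalMachine\My store, and network reachability to the issuer's CRL or OCSP endpoints for the revocation check.

```powershell
# Added example (not from the original article): validates the server
# certificate behind every https binding against the four checklist items.
# Assumptions: IIS 7+ with WebAdministration; certificates are in
# Cert:\LocalMachine\My; CRL/OCSP endpoints are reachable for revocation.
Import-Module WebAdministration
$serverAuthOid = '1.3.6.1.5.5.7.3.1'     # id-kp-serverAuth
$ekuOid        = '2.5.29.37'             # extendedKeyUsage extension

function Test-ServerCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $problems = New-Object System.Collections.Generic.List[string]
    $now = Get-Date

    # 1. Date range is valid right now.
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) {
        $problems.Add("outside validity period $($Cert.NotBefore) to $($Cert.NotAfter)")
    }

    # 2. Intended purpose: an EKU extension, if present, must include Server
    #    Authentication (a certificate issued for e-mail only will fail here).
    $eku = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $ekuOid }
    if ($eku) {
        $usages = ([System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]$eku).EnhancedKeyUsages
        if (-not ($usages | Where-Object { $_.Value -eq $serverAuthOid })) {
            $problems.Add('EKU does not include Server Authentication')
        }
    }

    # 3 and 4. Chain builds to a trusted root and nothing in it is revoked.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    if (-not $chain.Build($Cert)) {
        foreach ($s in $chain.ChainStatus) {
            $problems.Add("chain: $($s.Status) - $($s.StatusInformation.Trim())")
        }
    }
    [pscustomobject]@{ Subject = $Cert.Subject; Thumbprint = $Cert.Thumbprint; Problems = $problems }
}

# Walk every https binding on every site and test the bound certificate.
foreach ($site in Get-Website) {
    foreach ($b in $site.bindings.Collection | Where-Object { $_.protocol -eq 'https' }) {
        $where = "$($site.name) [$($b.bindingInformation)]"
        $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $b.certificateHash }
        if (-not $cert) { "$where : certificate $($b.certificateHash) not found in LocalMachine\My"; continue }
        $r = Test-ServerCertificate -Cert $cert
        if ($r.Problems.Count -eq 0) { "$where : OK ($($r.Subject))" }
        else { $r.Problems | ForEach-Object { "$where : $_" } }
    }
}
```

A chain that fails with RevocationStatusUnknown or OfflineRevocation is a configuration problem on the server (blocked CRL/OCSP access) rather than proof of revocation, so treat those statuses as findings to investigate instead of silently relaxing RevocationMode.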
title: "Most Important Checklist For Penetration Of Web Server Cybers Guards"
ShowToc: true
date: "2022-11-29"
author: "Kevin Truxillo"