Important Microsoft checklist points
Services
- Unnecessary Windows services are disabled.
- Services are running with low-privileged accounts.
- If the FTP, SMTP, and NNTP services are not required, they are disabled.
- The Telnet service is disabled.
Protocols
- WebDAV is disabled if it is not used by the application; if it is required, it is secured.
- The TCP/IP stack is hardened, and NetBIOS and SMB are disabled (closing ports 137, 138, 139 and 445).
Accounts
- There are no more than two accounts in the Administrators group.
- Remote connections are kept to a minimum.
- Clear account and password policies are enforced.
- The Guest account is disabled.
- Null sessions (anonymous logons) are disabled.
- If anonymous access is required by your application, a custom anonymous account is created.
- Accounts are not shared between administrators.
- Administrators must log on locally, OR the remote administration solution is secure.
- Approval is required for the delegation of accounts.
- (The user right to access this computer from the network is removed from the Everyone group.)
- Unused server accounts are deleted.
- If the application does not use it, the IUSR machine account is disabled.
- Users and administrators do not share accounts.
- The anonymous account has no write access to the Web content directories and does not execute command-line tools there.
Files and directories
- Access to the required shares is restricted (the Everyone group has no access).
- Any unwanted shares (including default administration shares) are removed.
- Sample applications are deleted.
- The Everyone group is restricted (no access to \WINNT\system32 or Web directories).
- Administrative shares (C$ and Admin$) are removed when they are not required (these shares are used by Microsoft Management System (SMS) and Microsoft Operations Manager (MOM)).
- The root Web site directory has a deny-write ACE for Internet anonymous accounts.
- The remote administration application is removed.
- Tools, utilities, and SDKs from the resource kit are removed.
- Log files are stored on an NTFS volume, and not on the same volume where the Web site content resides.
- Content directories have a deny-write ACE for Internet anonymous accounts.
- The Web site content is stored on a non-system NTFS volume.
- Files and directories are contained on NTFS volumes.
Ports
- Internet interfaces are restricted to port 80 (and 443 when using SSL).
- Intranet traffic is encrypted (for instance with SSL) or restricted if the data center infrastructure is not secure.
Registry
- Access to the remote registry is restricted.
- The SAM is secured (HKLM\System\CurrentControlSet\Control\LSA\NoLMHash).
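As an added example (not part of the original article), the following read-only PowerShell audit checks several of the Services, Protocols, Accounts, Ports and Registry items above on the web server itself. It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts and NetTCPIP modules, an elevated session, and the standard Windows service names for Telnet, FTP, SMTP and NNTP; it reports findings and changes nothing.

```powershell
# Added example, not from the original article: read-only audit of checklist items.
# Assumes Windows PowerShell 5.1+, run elevated on the web server; nothing is modified.
$findings = New-Object System.Collections.Generic.List[string]

# Services: Telnet, FTP (IIS 6 and IIS 7+ names), SMTP, NNTP and Remote Registry
# should be disabled unless the checklist exception (required by the application) applies.
foreach ($name in 'TlntSvr', 'MSFtpsvc', 'FTPSVC', 'SMTPSVC', 'NntpSvc', 'RemoteRegistry') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc -and $svc.StartType -ne 'Disabled') {
        $findings.Add("Service $name is installed with start type $($svc.StartType); confirm it is required")
    }
}

# Accounts: no more than two members in Administrators, Guest disabled.
$admins = @(Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue)
if ($admins.Count -gt 2) {
    $findings.Add("Administrators has $($admins.Count) members: $($admins.Name -join ', ')")
}
$guest = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
if ($guest -and $guest.Enabled) { $findings.Add('Guest account is enabled') }

# Registry: SAM protected by NoLMHash; null sessions (anonymous logons) restricted.
# A missing value compares as $null, so both tests also fire when the value is absent.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
if ($lsa.NoLMHash -ne 1) { $findings.Add('NoLMHash is not 1 (LM hashes may be stored in the SAM)') }
if ($lsa.RestrictAnonymous -lt 1) { $findings.Add('RestrictAnonymous is not set (null sessions allowed)') }

# Ports: SMB/NetBIOS over TCP (139, 445) should not be listening at all; any other TCP
# listener besides 80/443 is listed so it can be confirmed as intranet-only.
$listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty LocalPort -Unique | Sort-Object
foreach ($port in $listening) {
    if ($port -in 139, 445) { $findings.Add("SMB/NetBIOS port $port is listening") }
    elseif ($port -notin 80, 443) { $findings.Add("Port $port is listening; confirm it is not Internet-facing") }
}

if ($findings.Count -eq 0) { 'No findings for the checks performed.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

UDP ports 137 and 138 are not covered by Get-NetTCPConnection; Get-NetUDPEndpoint can be checked the same way.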
Auditing and reporting
- Access to the Metabase.bin file is audited.
- IIS log files are relocated and secured.
- IIS is configured for W3C Extended log file format auditing.
- Log files are archived and reviewed periodically.
- Log files are configured with a suitable size according to the application security requirements.
- Failed logon attempts are audited.
Server certificates
- Ensure that the certificate's public key is valid, all the way to a trusted root authority.
- Ensure that the certificate's date range is correct.
- Use certificates only for their intended purpose (server certificates are not used for e-mail, for instance).
- Confirm that the certificate has not been revoked.
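The four certificate checks above, as an added PowerShell example that is not part of the original article. It assumes the certificates used by IIS bindings live in the machine's personal store (Cert:\LocalMachine\My) and uses .NET's X509Chain for path and revocation validation, so the host needs outbound access to the issuing CA's CRL/OCSP endpoints for the revocation part to succeed.

```powershell
# Added example, not from the original article. Requires Windows PowerShell 5.1+ (X509Chain
# lives in System.dll, which is loaded by default).
function Test-ServerCertificate {
    param([Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $issues = New-Object System.Collections.Generic.List[string]
    $now = Get-Date

    # 1. Date range is correct: today falls inside NotBefore..NotAfter.
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) {
        $issues.Add("outside validity period $($Cert.NotBefore.ToString('u')) to $($Cert.NotAfter.ToString('u'))")
    }

    # 2. Intended purpose: the Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1) must be present.
    $eku = $Cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $serverAuth = $eku | ForEach-Object { $_.EnhancedKeyUsages } | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }
    if (-not $serverAuth) { $issues.Add('no Server Authentication EKU; certificate is not meant for a web server') }

    # 3 and 4. Public key chains to a trusted root, and no certificate in the path is revoked.
    # ExcludeRoot: the trust anchor is self-signed and carries no revocation data of its own.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
    if (-not $chain.Build($Cert)) {
        foreach ($status in $chain.ChainStatus) {
            # Typical values: UntrustedRoot, PartialChain, Revoked, RevocationStatusUnknown, NotTimeValid
            $issues.Add("chain: $($status.Status) ($($status.StatusInformation.Trim()))")
        }
    }
    return ,$issues   # unary comma keeps the list intact instead of unrolling it
}

# Assumed location of the certificates IIS binds to; adjust the store path if yours differs.
foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    $issues = Test-ServerCertificate -Cert $cert
    if ($issues.Count -eq 0) { "$($cert.Thumbprint) $($cert.Subject): OK" }
    else {
        "$($cert.Thumbprint) $($cert.Subject):"
        $issues | ForEach-Object { "    - $_" }
    }
}
```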
Title: Most Important Checklist For Penetration Of Web Server (Cybers Guards)
Date: 2022-11-29
Author: Kevin Truxillo