Security Best Practices for IIS Web Server (Hardening)

Hey SQL Enthusiastic, this Blog for SQL Users and Enthusiastic about the Best Practices of IIS on Web Server.

Security Best Practices for IIS to make sure that no security breaches can happen with the Web Servers.

Some of the ways to harden Windows IIS include:

  • Ensure the Windows operating system is updated with all security patches.
  • Disable any features of IIS not in use to reduce potential attacks.
  • Use firewall to ensure the server is only receiving valid packets.
  • Control which IP addresses and domains can access the web server.
  • Use logging to view the visitors accessing the web server.
  • Configure the error page to display only relevant information about an issue. Make certain that error pages don’t display too much information, such as usernames, passwords, the IP address of the server or any information that hackers could use to exploit the web server.
  • Make periodic backups of the IIS server.
  • Limit permissions granted to non-administrators.
  • Turn on SSL and maintain SSL certificates.
  • For a classic ASP application, turn off debug mode.

Enjoy! Happy Learning           Reach me on [email protected]


About Firoj Ansari

I’m a Database technologist with 8 Years of hand-on experience in MS SQL Server and MySQL. B. Tech in Computer Science with Microsoft Certified Professional, ITIL Certified and Microsoft Certified Azure Administrator. Specializing in Database Installation and Configuration, Designing & Implementing High Availability Solutions, Performance Tuning, SAN Storage, Backup Solution-Tape Library, Designing & Implementing Virtualization (Windows Hyper-V, VMware), Internet Information Services.

Leave a Reply

Your email address will not be published. Required fields are marked *