Important checklist: Microsoft recommendations
Services
- Services run with least-privileged accounts.
- The Telnet service is disabled.
- Unneeded Windows services are disabled.
- If the FTP, SMTP, and NNTP services are not required, they are disabled.
Protocols
- NetBIOS over TCP/IP is disabled and SMB is disabled (closing ports 137, 138, 139 and 445).
- WebDAV is disabled if it is not used by the software; if it is required, it is secured.
Accounts
- Strong account and password policies are enforced.
- Administrators must log on locally, or the remote administration solution is secure.
- Accounts are not shared between administrators.
- The user right to access this computer from the network is removed from the Everyone group.
- If anonymous access is required by your application, a custom anonymous account is created.
- If it is not used by the application, the IUSR machine account is disabled.
- Users and administrators do not share accounts.
- The Guest account is disabled.
- The Administrators group contains no more than two accounts.
- Null sessions (anonymous logons) are disabled.
- Approval is required for the delegation of accounts.
- Unused server accounts were deleted.
- The anonymous account has no write access and cannot run command-line tools in the web content directories.
- Remote logons are kept to a minimum.
Files and directories
- Access to the required shares is restricted (the Everyone group has no access).
- Files and directories are held on NTFS volumes.
- Administrative shares (C$ and Admin$) are removed when not required (the shares are used by Microsoft Management System (SMS) and Microsoft Operations Manager (MOM)).
- Tools, utilities, and SDKs from the resource kit are removed.
- The Everyone group is restricted (no access to \WINNT\system32 or web directories).
- Any unwanted shares (including the default administrative shares) are removed.
- Sample applications are deleted.
- The content of the website is stored on a non-system NTFS volume.
- The data server has deny-write ACEs for the Internet anonymous account.
- The website root directory has deny-write ACEs for the Internet anonymous account.
- Remote application management is removed.
- Log files are stored on an NTFS volume and not on the same volume where the website content resides.
Ports
- Internet interfaces are limited to port 80 (and 443 when using SSL).
- Intranet traffic is encrypted (e.g. with SSL) or restricted if the data center infrastructure is not secure.
Registry
- Access to the remote registry is restricted.
- The SAM (HKLM\System\CurrentControlSet\Control\LSA\NoLMHash) is secured.
Auditing and logging
- IIS is configured for auditing with the W3C Extended log file format.
- IIS log files are relocated and secured.
- Log files are configured with a suitable size according to the application's security requirements.
- Log files are archived and reviewed periodically.
- Failed logon attempts are audited.
- Access to the Metabase.bin file is audited.
Server certificates
- Ensure that the certificate's public key is valid, up to a trusted root authority.
- Verify that the certificate has not been revoked.
- Check that the certificate's date range is correct.
- Use certificates only for their intended purpose (server certificates are not used for e-mail, for example).
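As an added example (not part of the original checklist), the following PowerShell script audits several of the items above on the local Windows server and prints PASS or FAIL for each: the Telnet/FTP/SMTP/NNTP services, NetBIOS over TCP/IP, the Guest account, the size of the Administrators group, null-session restriction, NoLMHash, and the IIS log format and location. The service names (TlntSvr, ftpsvc, SMTPSVC, NntpSvc), the RestrictAnonymous value and the use of the WebAdministration module are assumptions, and a missing component is reported as a failed check.

```powershell
# Added audit script (not from the original checklist). Run in an elevated session.
#Requires -RunAsAdministrator
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-LsaValue([string]$Name) {
    # A missing value is treated as 0, the insecure default for these settings
    $v = Get-ItemProperty -Path $lsa -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $v) { return 0 } else { return [int]$v.$Name }
}

$checks = [ordered]@{
    # Services: assumed service names; a service that is not installed counts as disabled
    'Telnet/FTP/SMTP/NNTP services disabled' = {
        $svc = Get-Service -Name TlntSvr, ftpsvc, SMTPSVC, NntpSvc -ErrorAction SilentlyContinue
        -not ($svc | Where-Object { $_.StartType -ne 'Disabled' })
    }
    # Protocols: TcpipNetbiosOptions 2 = NetBIOS over TCP/IP disabled on that adapter
    'NetBIOS over TCP/IP disabled' = {
        $nics = Get-CimInstance Win32_NetworkAdapterConfiguration | Where-Object IPEnabled
        -not ($nics | Where-Object { $_.TcpipNetbiosOptions -ne 2 })
    }
    # Accounts
    'Guest account disabled'     = { -not (Get-LocalUser -Name Guest).Enabled }
    'At most two Administrators' = { (Get-LocalGroupMember -Group Administrators).Count -le 2 }
    'Null sessions restricted'   = { (Get-LsaValue RestrictAnonymous) -ge 1 }   # assumed value name
    # Registry: NoLMHash = 1 stops LM hashes being stored in the SAM
    'NoLMHash set'               = { (Get-LsaValue NoLMHash) -eq 1 }
    # Auditing: IIS site defaults use W3C logging and the log directory is off the system drive
    'IIS W3C logging off the system drive' = {
        Import-Module WebAdministration -ErrorAction Stop   # assumed: IIS with this module installed
        $log = Get-WebConfiguration -Filter 'system.applicationHost/sites/siteDefaults/logFile'
        $dir = [Environment]::ExpandEnvironmentVariables($log.directory)
        ($log.logFormat -eq 'W3C') -and ($dir.Substring(0, 1) -ne $env:SystemDrive.Substring(0, 1))
    }
}

foreach ($name in $checks.Keys) {
    try   { $ok = [bool](& $checks[$name]) }
    catch { $ok = $false }      # missing cmdlet, account or module is reported as FAIL
    '{0,-40} {1}' -f $name, $(if ($ok) { 'PASS' } else { 'FAIL' })
}
```

The log-location check only confirms the logs are off the system drive; comparing against each site's content volume still needs a per-site check.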
title: "Most Important Checklist For Penetration Of Web Server Cybers Guards"
ShowToc: true
date: "2022-11-29"
author: "Kevin Truxillo"