- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Securing IIS6: From the OS, Up
- Abstract
- The dark side of the Internet can test even the most diligent System Administrator's ability to get, and keep their web server secure. WWW attacks targeted at both web applications and the servers that offer them are growing at an ever-increasing rate. This document provides a detailed look at securing Internet Information Services v6.0 (IIS6), using a combination of security templates and manual techniques. In order to provide the most secure installation of IIS possible, the paper first looks at securing the base operating system, Windows Server 2003 (Win2K3). The process will be covered completely; creating a hardened baseline on which to install IIS6, hardening the web server itself, and manually tweaking settings to conform to a custom environment. Finally, the paper also explains methods of analyzing and verifying the prescribed security settings.