Quick Guide to IIS Web Server Security

With more and more companies placing their business on line, whether it's e-commerce or B2B, System Administrators have to learn how to secure their systems on the fly. Keeping systems up and running is difficult enough without having to make sure that someone with ill intentions does not bring them down. So where does the busy Systems Administrator go to acquire the knowledge needed to protect their systems and calm the rising fears of management? The fastest way to beat the learning curve is to learn from those who have done it. I am a systems administrator who took over an e-commerce/B2B 'web farm' six months ago. Prior to this position I was the SMS (Microsoft Systems Management Server) administrator. All the servers and software I worked on resided behind the corporate firewall in the corporate private network. I had very little experience with IIS and I was even less knowledgeable about firewalls. Fortunately I was not responsible for the firewall just the web servers. Unfortunately the previous administrator had not implemented any form of security and management wanted that changed immediately. For all of the Systems Administrators that find themselves in this type of situation I hope my experiences can help.