Welcome toChina Server Net
About us | Add to Favorites | Contact us | 中文版
In full detail talks about IIS safe mechanism
From;    Author:Stand originally

IIS (Internet Information Server) one of Web servers that serve as current popularity, provided powerful Internet and Intranet service function. How to strengthen the safe mechanism of IIS, build the reliable Web server of high safety performance, already made the main component of network management.

It is a foundation with the safe mechanism of Windows NT

1. Use NTFS file system

NTFS file system can undertake administrative to file and catalog, FAT file system can provide the security that shares stage only, and the safe mechanism of Windows NT is to build on NTFS file system, had better use NTFS file system when installing Windows NT so, will not establish the safe mechanism of NT otherwise.

2. Share the modification of attributive

In the system acquiescent circumstance falls, every build to be shared newly, everyone user enjoys “ to accuse those who make ” completely to share jurisdiction, accordingly, establishing the default limits of authority that Everyone should revise newly instantly after sharing.

3. For systematic manager Zhang date more renown

Region user manages implement although can limit the number that guesses countersign, but to systematic manager Zhang date (Adminstrator) cannot restrict however, this atttacks countersign of administrator Zhang date possibly to bring an opportunity to illegal user, manage through region user implement to administrator Zhang date more renown can yet be regarded as a kind of tweak. Specific setting method is as follows:
Choice “ begins ” to choose ”→ of odd →“ program to start “ region user to manage implement date of administrator Zhang of “ of ”→ pitch on (Adminstrator) ” of user of ”→ choice “ chooses odd →“ to name ” again, undertake modification to its.

4. The NetBIOS that cancels TCP/IP to go up is bound calm

NT system manager can carry the image between name of NetBIOS of tectonic target station and its IP address, the other server that goes up to Internet or Intranet undertakes administrative, but illegal user also can find an opportunity that can be exploited to sbs advantage from which. If this is planted,long-range management is not must, should cancel instantly (pass network property tie calm option, cancel NetBIOS and TCP/IP between bind calm) .

Set the safe mechanism of IIS

1. Safe problem of the attention answers when installation

1) avoid installation to be in advocate on region controller
After installing IIS, the computer general that installing makes IUSR_Computername anonymous account. This account is added in region user group, provide the visit limits of authority that uses at region user group to every faceless user that visits Web server thereby, this brings potential risk to IIS not only, and browbeat possibly still the safety of whole region resource. Want to avoid to install IIS server on region controller as far as possible so, especially advocate on region controller.
Previous12 Next