Designing Iis Security Baselines Based On Business Needs

By Author: unknownmem
Total Articles: 128
Comment this article

The best way to learn how to design 70-291 Exam(http://www.mcsa-70-291.com)
security baselines based on business needs is to examine possible business needs, answer those needs with a description of IIS features that the business needs appear to suggest are required, and then identify how security can be established that will allow the business needs to be met but will add minimal risk to the IIS environment. The following examples are provided as potential solutions to such a project. business needs are identified in the first column, IIS features that might be required to support those needs are provided in the second column, and suggestions for security to accommodate the business needs are shown in the third column.
Follow these guidelines for designing monitoring and responding to alerts:
Choose a log file format based on the properties that will be the most useful. For example:
The IIS log file format will record the target file accessed, but the NCSA log file format will not.
The central binary log file format can be the most efficient and can conserve memory, CPU, and disk space. However, ...
... because all data from all sites is logged to one log and because the format is binary 70-291(http://www.mcsa-70-291.com)
, the log file might be more difficult to assess.
Set or maintain log folder permissions. Because the log file location can be moved,be sure to set proper permissions at the custom location. When central binary log files are used, set the folder permissions to:
Set or maintain log file permissions. When central binary log files are used, set file
permissions to:
On domain member Web servers, audit the domain GPO and GPOs that are applied to Web servers.
When auditing GPOs ensure
User rights provide only those necessary.
Only administrators can log on locally, and only administrators have the ability to log on to Web servers using terminal services.
Only necessary services are enabled.
Create custom log file formats where it is necessary to log data that cannot be specified in the available log file formats.
Audit firewall configuration. Specifically, ensure that ports are closed that are bknown attack vectors and that are not necessary for Web server functions.
Audit the use of periodic virus scanning both on the Web server and on network gateways.
Tip If the SMTP service is installed and started on Web servers, access can be logged. To do so, you must enable protocol logging for SMTP This is done in the property pages MCSE study guides free download(http://www.examshots.com/certification/MCSE-2003-50.html)
for the SMTP virtual server.