<h2>TIPS: IIS 6.0 – Security Best Practices</h2>
<p>Published 2021-02-09, last updated 2022-09-07. Source: <a href="https://www.casbay.com/guide/kb/security-tips-iis-6-0-security-best-practices">https://www.casbay.com/guide/kb/security-tips-iis-6-0-security-best-practices</a></p>
<p><strong>ATTENTION</strong>: This guide applies to all <a href="https://www.casbay.com/asia-dedicated-server/malaysia">Dedicated Servers</a> or <a href="https://www.casbay.com/windows-vps-hosting-malaysia">Windows VPS servers</a> using IIS 6.0. Kindly <a href="https://www.casbay.com/contact">contact our team</a> if you have any inquiries or need help.</p>

<h3>1. Use end-to-end encryption</h3>
<ul>
<li>If you have a reverse proxy and/or load balancer in front of your web servers, prefer SSL bridging over SSL offloading, so that traffic is re-encrypted between the proxy and the web servers instead of travelling in plain text.</li>
<li>Disable SSL/TLS versions older than TLS 1.2.</li>
<li>Disable weak cipher suites.</li>
<li>SSL/TLS and cipher suite settings are server-wide settings, and IIS supports whatever the OS supports. However, for .NET applications, check the following article:
<p>Transport Layer Security (TLS) best practices with the .NET Framework<br />
<a href="https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls" target="_blank" rel="noopener noreferrer">https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls</a></p></li>
</ul>

<h3>2. Add security headers to your applications</h3>
<p>Content Security Policy (CSP)<br />
<a href="https://docs.microsoft.com/en-us/microsoft-edge/extensions-chromium/store-policies/csp" target="_blank" rel="noopener noreferrer">https://docs.microsoft.com/en-us/microsoft-edge/extensions-chromium/store-policies/csp</a></p>
<p>HSTS Settings for a Web Site<br />
<a href="https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/hsts" target="_blank" rel="noopener noreferrer">https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/hsts</a></p>
<p>X-Frame-Options<br />
<a href="https://tools.ietf.org/html/rfc7034" target="_blank" rel="noopener nofollow noreferrer">https://tools.ietf.org/html/rfc7034</a></p>
<p>OWASP Secure Headers Project<br />
<a href="https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers" target="_blank" rel="noopener nofollow noreferrer">https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers</a></p>

<h3>3. Configure "Request Filtering"</h3>
<ul>
<li>"Allow unlisted file name extensions": uncheck (allow only the extensions you will use; add "." to allow extensionless requests).</li>
<li>"Allow unlisted verbs": uncheck (allow only the verbs you will use).</li>
<li>Lower the "request limits" if possible.
<p>Request Filtering<br />
<a href="https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/" target="_blank" rel="noopener noreferrer">https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/</a></p></li>
</ul>

<h3>4. Remove HTTP headers</h3>
<p><strong>Remove HTTP headers</strong> that identify the server and application. These headers are considered a security weakness because they disclose version information to anyone who can send a request:</p>
<p>removeServerHeader<br />
<a href="https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/#new-in-iis-100" target="_blank" rel="noopener noreferrer">https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/#new-in-iis-100</a></p>
<p>Remove Unwanted HTTP Response Headers<br />
<a href="https://techcommunity.microsoft.com/t5/iis-support-blog/remove-unwanted-http-response-headers/ba-p/369710" target="_blank" rel="noopener">https://techcommunity.microsoft.com/t5/iis-support-blog/remove-unwanted-http-response-headers/ba-p/369710</a></p>

<h3>5. Set NTFS permissions</h3>
<p><strong>Set NTFS permissions</strong> on the content folders as needed:</p>
<ul>
<li>Do not give unnecessary permissions to unnecessary users. Remove the permissions of the Users group and other groups. Take the authentication and impersonation configuration into account when doing this, since it determines which identity actually accesses the files.</li>
<li>The content folder should only need "read" and "read and execute" permissions. If your application needs to write something (such as logs or temp files), write it to a separate folder (one for each application on the server) and grant "write" permission only on that specific folder.</li>
<li>Make sure that folders with write permissions cannot be accessed over HTTP, i.e. make sure that access to those folders is denied by the Request Filtering module.</li>
</ul>

<h3>Other Security Practices</h3>
<ul>
<li>If using anonymous authentication, set the user to "<strong>Application pool identity</strong>" so that your sites and applications are isolated from each other.</li>
<li><strong>Do not store sensitive information in configuration files</strong>. Encrypt such fields if you need to have them:
<p>Protecting Connection Strings and Other Configuration Information (C#)<br />
<a href="https://docs.microsoft.com/en-us/aspnet/web-forms/overview/data-access/advanced-data-access-scenarios/protecting-connection-strings-and-other-configuration-information-cs" target="_blank" rel="noopener noreferrer">https://docs.microsoft.com/en-us/aspnet/web-forms/overview/data-access/advanced-data-access-scenarios/protecting-connection-strings-and-other-configuration-information-cs</a></p></li>
<li><strong>Remove any unused modules</strong> to reduce the attack surface. For example, if you do not specifically need WebDAV, do not install it.</li>
<li>Consider <strong>adding the host names of your web sites to the Hosts file</strong>, pointing them to 127.0.0.1, so that you can test your applications locally on each server in a web farm environment. This is the first and easiest test to rule out network issues.</li>
</ul>

<p>We hope this article helped you to learn IIS 6.0 security best practices. For more articles, please go to the <a href="https://www.casbay.com.my/guide/">Knowledge Base</a>.</p>