rvthost
asked on
Hardening IIS 6
Windows Server 2003 - R2
Dedicated IIS server
It's been requested that I make a site public. This site accesses a SQL database which is hosted on a second server. The data stored is considered sensitive. I'm going to put the IIS server in the DMZ and keep the SQL DB on the inside. Only SSL connections allowed to IIS from the outside. From the IIS server to the inside of the network, only those ports required will be opened. (SQL, etc.)
What other "key" steps should I be taking to make this as secure as possible? I can, and have, googled around and found plenty of sites talking about hardening IIS (rename admin acct, good passwords, etc.). I will follow those but I'm just making sure I'm not missing something else that I should be doing. If anyone has done this and wishes to share, I appreciate the feedback. Thanks!
Dedicated IIS server
It's been requested that I make a site public. This site accesses a SQL database which is hosted on a second server. The data stored is considered sensitive. I'm going to put the IIS server in the DMZ and keep the SQL DB on the inside. Only SSL connections allowed to IIS from the outside. From the IIS server to the inside of the network, only those ports required will be opened. (SQL, etc.)
What other "key" steps should I be taking to make this as secure as possible? I can, and have, googled around and found plenty of sites talking about hardening IIS (rename admin acct, good passwords, etc.). I will follow those but I'm just making sure I'm not missing something else that I should be doing. If anyone has done this and wishes to share, I appreciate the feedback. Thanks!
ASKER
Thanks for your comments.
One of our web developers suggested keeping both our SQL and our IIS server inside the network, and then put a http proxy server in the DMZ instead. I understand the idea of a proxy server, but have not worked with them. What are the security implications of that setup, pros/cons? If I should start a new question, I will do so. Thanks.
One of our web developers suggested keeping both our SQL and our IIS server inside the network, and then put a http proxy server in the DMZ instead. I understand the idea of a proxy server, but have not worked with them. What are the security implications of that setup, pros/cons? If I should start a new question, I will do so. Thanks.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks to both for your comments. We're proceeding forward...no proxy :)
Only enable the functions you require and leave the rest disabled.
Along with the network security you have already mentioned you should be good to go.
Dave Dietz