troubleshooting Question

Hardening IIS 6

Avatar of rvthost
rvthost asked on
Microsoft IIS Web Server
5 Comments2 Solutions684 ViewsLast Modified:
Windows Server 2003 - R2
Dedicated IIS server

It's been requested that I make a site public.  This site accesses a SQL database which is hosted on a second server.  The data stored is considered sensitive.  I'm going to put the IIS server in the DMZ and keep the SQL DB on the inside.  Only SSL connections allowed to IIS from the outside.  From the IIS server to the inside of the network, only those ports required will be opened. (SQL, etc.)

What other "key" steps should I be taking to make this as secure as possible?  I can, and have, googled around and found plenty of sites talking about hardening IIS (rename admin acct, good passwords, etc.).  I will follow those but I'm just making sure I'm not missing something else that I should be doing.  If anyone has done this and wishes to share, I appreciate the feedback.  Thanks!

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 2 Answers and 5 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 5 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros