<div>
<div class="content wysiwyg-content">
I am running IIS6 on a windows 2003 server. I need to set an account lockout policy to prevent brute force attacks on the web sites being hosted on the server.<br />
<br />
Do I need to do anything else other than set a local security policy on the windows 2003 server which is hosting IIS6 and my websites? <br />
<br />
I know how to set an account lockout policy on the local server that host the IIS6 server by going to GPO Editor  Computer Configuration  Windows Settings  Security Setting  Account Policies  Account Lockout Policy. &nbsp;Is there anything else I need to do?<br />
<br />
Thanks,<br />

</div>
</div>


I am running IIS6 on a windows 2003 server. I need to set an account lockout policy to prevent brute force attacks on the web sites being hosted on the server.

Do I need to do anything else other than set a local security policy on the windows 2003 server which is hosting IIS6 and my websites? 

I know how to set an account lockout policy on the local server that host the IIS6 server by going to GPO Editor  Computer Configuration  Windows Settings  Security Setting  Account Policies  Account Lockout Policy.  Is there anything else I need to do?

Thanks,


Account Lockout policy for IIS6

IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.

Microsoft IIS Web Server

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.