  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 256

Securing IIS 7.0 Best Practices

Hello,

I'm running Windows Server 2008 R2 with IIS 7.0 and SQL 2008 R2 on the same box. The server is behind a Juniper firewall and only allows port 80 traffic. This server is isolated and does not have any link back to my domain; it sits in its own workgroup in a DMZ. The IIS Server hosts a VB application that people on and off campus need to access. The VB application links back to demographic data hosted on the local SQL 2008 R2 server.

This server is kept up-to-date on all critical Microsoft security patches for the OS and related products. I monitor the server disk space usage and event logs. I log 5000 'sa' login attempts per day.

Any and all suggestions on how to keep this machine secure are appreciated.
Asked by: FNDAdmin
1 Solution
 
Big Monty (Senior Web Developer / CEO of ExchangeTree.org) commented:
You're definitely on the right track. You may also want to have a look at this article, which discusses some default settings that should be in place to lock down IIS, as well as good permissions practices.
 
FNDAdmin (Author) commented:
WOW! Great link and article Big_Daddy! That was definitely an eye opener. It will be fun implementing these suggestions.
 
Big Monty (Senior Web Developer / CEO of ExchangeTree.org) commented:
Glad I could help :)
 
FNDAdmin (Author) commented:
Would there be any benefits to virtualizing these machines and splitting up the IIS and SQL into two separate virtual servers?
 
Big Monty (Senior Web Developer / CEO of ExchangeTree.org) commented:
The benefits would be more related to performance than security. If the machine(s) are locked down properly, I don't think you would benefit greatly from 2 machines.
 
FNDAdmin (Author) commented:
Anyone know why my SQL server is getting pounded with 'sa' login attempts from China, yet only port 80 is open to the Internet, and my IIS logs do not show that much activity?
 
Big Monty (Senior Web Developer / CEO of ExchangeTree.org) commented:
I recommend opening a new question to get help with that, as that's an entirely different topic from what you originally asked.
 
FNDAdmin (Author) commented:
Great all-encompassing article about IIS Security. Thanks!
