Solved

Securing IIS 7.0 Best Practices

Posted on 2013-12-03
Last Modified: 2013-12-09
Hello,

I'm running Windows Server 2008 R2 with IIS 7.0 and SQL 2008 R2 on the same box. The server is behind a Juniper firewall and only allows port 80 traffic. This server is isolated and does not have any link back to my domain; it sits in its own workgroup in a DMZ. The IIS server hosts a VB application that people on and off campus need to access. The VB application links back to demographic data hosted on the local SQL 2008 R2 server.

This server is kept up-to-date on all critical Microsoft security patches for the OS and related products. I monitor the server disk space usage and event logs. I log 5000 'sa' login attempts per day.

Any and all suggestions on how to keep this machine secure are appreciated.
Question by:FNDAdmin
8 Comments
 
LVL 32

Accepted Solution

by:
Big Monty earned 500 total points
ID: 39692671
You're definitely on the right track. You may also want to have a look at this article, which discusses some default settings that should be in place to lock down IIS, as well as good permissions practices.
 

Author Comment

by:FNDAdmin
ID: 39692788
WOW! Great link and article Big_Daddy! That was definitely an eye opener. It will be fun implementing these suggestions.
 
LVL 32

Expert Comment

by:Big Monty
ID: 39692872
Glad I could help :)
 

Author Comment

by:FNDAdmin
ID: 39693080
Would there be any benefits to virtualizing these machines and splitting up the IIS and SQL into two separate virtual servers?
 
LVL 32

Expert Comment

by:Big Monty
ID: 39693467
The benefits would be more related to performance than security. If the machine(s) are locked down properly, I don't think you would benefit greatly from 2 machines.
 

Author Comment

by:FNDAdmin
ID: 39696512
Anyone know why my SQL server is getting pounded with 'sa' login attempts from China, yet only port 80 is open to the Internet, and my IIS logs do not show that much activity?
 
LVL 32

Expert Comment

by:Big Monty
ID: 39696522
I recommend opening a new question to get help with that, as that's an entirely different topic from what you originally asked.
 

Author Closing Comment

by:FNDAdmin
ID: 39705985
Great all-encompassing article about IIS Security. Thanks!
