Link to home
Create AccountLog in
ASP.NET

ASP.NET

--

Questions

--

Followers

Top Experts

Avatar of Gautam
Gautam🇮🇳

Securing Windows/IIS-Based Website Hosting Environment and Controls

Dear Experts,

Our website is currently hosted and maintained by third party hosting provider, It was recently brought to our attention that the website was compromised, displaying irrelevant content, though the service provider rectified but we are concerned about the adequacy of the security measures in place to prevent such incidents in the future. Please find below hosting environment details

  • Hosting Platform: Amazon AWS
  • Web Server: Microsoft-IIS 10.0
  • Application Stack: ASP.NET 4.0.30319
  • TLS Certificate: Let’s Encrypt

I have prepared following questions, please help is this okay or something to be added or modified 

  1. Have AWS-native security services such as AWS Web Application Firewall (WAF) and Shield been enabled?
  2. What OS-level and application-level hardening practices have been applied on the server?
  3. Are regular patches and updates being applied to the server and application stack?
  4. Is endpoint protection (e.g., antivirus/antimalware) in place and up to date for web protection 
  5. Have any vulnerability assessments or security audits been carried out recently?
  6. Do you maintain access control logs and monitoring alerts to detect malicious activity?

 

Hope we can ask for above details and as will please help with any security controls that is available within AWS for Web Server: Microsoft-IIS 10.0 or third party tools recommended for protecting the website from attacks, thank you

Zero AI Policy

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

ASKER CERTIFIED SOLUTION
Avatar of Shaun VermaakShaun Vermaak🇦🇺

Link to home
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
Create Account
SOLUTION
Avatar of btanbtan

Link to home
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
Create Account
Avatar of GautamGautam🇮🇳

ASKER

thanks, can you please provide list of security controls that service provider has to implement at AWS level or in general for website what all security controls are recommended to protect the Web Server: Microsoft-IIS
SOLUTION
Avatar of btanbtan

Link to home
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
Create Account
Avatar of GautamGautam🇮🇳

ASKER

thanks for inputs, please find the below
Web Server: Microsoft-IIS 10.0
Application Stack: ASP.NET 4.0.30319

We had asked : IIS Request Filtering & IP Restrictions: Are appropriate request filtering and IP-based access control measures in place? -

Web hosting service provider reply: Since the website is open to all, we have not restricted specific IP Addresses.


Reward 1Reward 2Reward 3Reward 4Reward 5Reward 6

EARN REWARDS FOR ASKING, ANSWERING, AND MORE.

Earn free swag for participating on the platform.

ASP.NET

ASP.NET

--

Questions

--

Followers

Top Experts

The successor to Active Server Pages, ASP.NET websites utilize the .NET framework to produce dynamic, data and content-driven web applications and services. ASP.NET code can be written using any .NET supported language. As of 2009, ASP.NET can also apply the Model-View-Controller (MVC) pattern to web applications