Guidelines For Reducing The Web Server Attack Surface

By Author: unknownmem
Total Articles: 128
Comment this article

To reduce the Web server attack surface, you must secure MCSE 2003 exams(http://www.mcsa-70-291.com)
and then enable only needed IIS components and services. The following sections provide guidelines for how to do these things.
Guidelines for Securing Windows Server 2003
The first step in reducing the attack surface for the Web server is to reduce the attack surface of the Windows Server 2003 server on which the Web server runs.Many chapters in this book detail strategies that can help you do so. This section outlines a few Web server-specific details.
Disable or Restrict Use of Unnecessary Services and Components One of the first areas of concern should be the services running on the Web server. The design should include recommendations that specify possible services that can be disabled. Two purposes can be served here. First, in most cases, simply disabling a service ensures that any vulnerabilities discovered in its code cannot be exploited before the patch is released. Second, removing the capability that the service provides can prevent inadvertent or intentional damage to the MCSA 2003 exams(http://www.mcsa-70-291.com)
...
... . Services are, after all, designed to be used to do something. Each "something" adds risk. For example, the remote registry service is designed to allow administrators to remotely modify the registry. If this ser?vice is enabled on the Web server, this ability could be used by an attacker to damage the Web server. However, if the service is disabled and administration is carried out either locally or through terminal services, the remote registry services should be disabled to prevent an attack using the service.
Chapter 8 provides recommendations for services that should be disabled in a locked-down environment. If you use the baseline templates described there to apply security for the server, you will use an incremental template as the IIS baseline. In that template, you will enable services that are required for the IIS server to run.
One additional thought to remember: not every Web server is only a Web server. While dedicating the server to just be a Web server is preferred, this might not always be possible. Remember to define clearly any additional roles the Web server computer will have to perform, as you might need to enable services and other settings for it to do so. The following sections provide Web server specific information about Windows that might be different from or required in addition free Microsoft IT certification test questions(http://www.examshots.com/vendor/Microsoft-1.html)
to the generic recommendations provided in Chapter 8.