Guidelines For Designing Monitoring And Maintenance Strategies For Iis

By Author: unknownmem
Total Articles: 128
Comment this article

Designing monitoring and maintenance strategies for MCSA Certification(http://www.mcsa-70-270.com)
combines the monitoring and maintenance strategies described for all networked systems—such as firewalls and intrusion detection—and adds Windows specific operating system security and HS-spe-cific strategies such as backing up the metabase and managing US-specific logs. It is also necessary to include a design for secure administrative practices.
The following sections explain the components of a backup strategy for IIS, describe IIS log file formats, and then provide guidelines for designing monitoring and respond ing to alerts; reviewing security policies, processes, and procedures; encrypting communications; and designing secure remote administration.This topic addresses only US-specific issues.
Enable Only Necessary Components The business needs of the organization will dictate the Web applications that will run on the server. In an ideal world, the security designer will be called upon to assist in the application design to ensure that the best choices are made at that time to support security. ...
... If this is not the case, the designer's job is to minimize exposure while supporting the applications.
Enable Essential Web Service Extensions By default, only static Web pages can be used. To provide support for dynamic Web pages and other Web services, additional services and extensions must be added, such as Active microsoft exams(http://www.mcsa-70-270.com)
Server Pages, ASP.NET, FrontPage Server Extension, WebDAV, Internet Server API (ISAPI) Extensions, and so forth.
Do not change the status of All Unknown ISAPI Extensions to Allowed. (See Figure 13-1.) This creates a security risk because many ISAPI extensions are created to extend Web services and are not reviewed for security vulnerabilities. Requiring review and approval for the use of an ISAPI extension is a sound security practice and assists in the effort to reduce the attack surface. This is an issue over which people primarily concerned with business needs can butt heads with those primarily concerned with security. It is relatively easy to write or locate an ISAPI extension that provides some extra service or function. It is a lot harder to write or review for security the ISAPI extension. Providing a review process can help ensure that the business needs and the security requirements are both considered.
This is a default group that is added when IIS is installed. This group has default access to write to log files, access to the metabase, and other
access required for most IIS applications to run. This group provides an easy way to provide the application pool identities with the access required. Instead of applying the proper access permissions directly to each new user account created as an application pool identity, the new account can be added to the Free practice exams for MCTS(http://www.examshots.com/certification/MCTS:-Windows-Server-2008-3.html)
group.