IIS Security Practices

Full Title or Meme

Security practices to follow on IIS for good security.

Context

Assuming IIS (or any web platform) is running as a front end web server, it should never be trusted with high value assets and assumed to be hackable. Still there are ways to make the hacks much less frequent.
Ultimate Guide to IIS Server: What Is IIS? 2020 IIS Tutorial 2020-02-20

Solutions

Application Pool Identities

Starting with Server 2008 R2 IIS services will not longer run as network services but with virtual Application Pool Identities that have no entry local or domain accounts, and hence no "Current User" cert store or HKCU registry entries.

References

This provides details for the wiki page Web Site Security.

IIS Security Practices

Contents

Full Title or Meme

Context

Solutions

Application Pool Identities

References

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools

Sidebar Links