IIS Security Implementation‐Class Lab - ConnorEast/Tech-Journal GitHub Wiki

Enabling Logging

Description: Logging is when your system keeps a record of the actions that occur on a device or on a service run by that system. The record is typically saved in a readable file so that actions performed on a machine can easily be found. For IIS, the logs are stored under the %SystemDrive%\inetpub\logs\LogFiles directory. Their main use is to improve the security of your system, because security-minded individuals can confirm what should and should not be available on their systems.

Disable Directory Browsing

Description: Directory browsing shows all of the directories present on a server. This is bad because anyone can obtain the list of all of the sites held under a specific address. That gives hackers information about your server, which enables multiple different forms of attack. In the end, just confirm this has been set to off.

TLS Cipher Suite Configuration

Description: This works by allowing the server to use ciphers to create keys and encrypt information with those keys. This protects the server's confidentiality and integrity by decreasing the likelihood of tampering.

Issue and Install an SSL certificate

Description: Using a mixture of steps from this document and this document, create a CA cert and attach it to the website. The main purpose of the SSL certificate is to allow for HTTPS. HTTPS is a more secure version of HTTP.
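
A read-only check of the four settings covered in this lab, added here as an example and not part of the original lab write-up. It assumes an elevated PowerShell session on the IIS server with the WebAdministration module available, and a Windows version that ships the Get-TlsCipherSuite cmdlet; the function name Get-IisLabAudit is made up for this example.

```powershell
# Added example: read-only audit of the settings this lab configures.
# Assumptions: elevated session on the IIS host, WebAdministration module present.
Import-Module WebAdministration

function Get-IisLabAudit {
    foreach ($site in Get-Website) {
        $path = "IIS:\Sites\$($site.Name)"

        # Logging: the per-site <logFile> element holds the enabled flag and directory.
        $log = Get-ItemProperty -Path $path -Name logFile

        # Directory browsing: effective value of system.webServer/directoryBrowse.
        $browse = (Get-WebConfigurationProperty -PSPath $path `
            -Filter 'system.webServer/directoryBrowse' -Name 'enabled').Value

        # HTTPS: the https binding is where the issued certificate gets attached.
        $https = @(Get-WebBinding -Name $site.Name -Protocol 'https')

        [pscustomobject]@{
            Site              = $site.Name
            LoggingEnabled    = [bool]$log.enabled
            # Expands %SystemDrive% so the path can be opened directly.
            LogDirectory      = [Environment]::ExpandEnvironmentVariables($log.directory)
            DirectoryBrowsing = [bool]$browse
            HttpsBindings     = $https.Count
        }
    }
}

$report = Get-IisLabAudit
$report | Format-Table -AutoSize

# Flag any site that does not match the lab's target state:
# logging on, directory browsing off, at least one https binding.
$report | Where-Object {
    -not $_.LoggingEnabled -or $_.DirectoryBrowsing -or $_.HttpsBindings -eq 0
} | ForEach-Object { Write-Warning "Site '$($_.Site)' needs attention" }

# TLS cipher suites are configured for the whole host, not per site.
# Get-TlsCipherSuite returns the ordered list the server will offer.
Get-TlsCipherSuite | Select-Object -ExpandProperty Name
```

An https binding count above zero only shows that the binding exists; confirm the certificate itself in the site's Bindings dialog or with the certificate store.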