SECURITY (Sol Tzvi):
iis: close webdav Q241520
take admin shares: Q318751
adsutil set w3svc /UseHostName True
net stop iisadmin /y
net start w3svc
close anonomous
install urlscan, close script access
filter the net card: permit only 80,443
add w3c log at different partition than iis
run mbsa
disable IUSER_MACHINE user (xcals.exe,cals.exe)
make a few directories, disable : ftp,smtp,nntp,netbios (for outside)
server:
close services: dhcp client,network dde,ras,telnet,ftp,alerter,
computer browser,ics,clibook,messenger,telnet,print spooler,runas,
windows instaler,delete: posix.exe,os2.exe
make account name as administrator. and make administrator a
regular account use: admnock /e
remove: access this computer from the network
close guest account, check that autologin not available
remove $ipc,$c
check by MBSA
|