# Important checklist: Microsoft tips

## Services

Unnecessary Windows services are disabled. Services run under low-privilege accounts. If the FTP, SMTP, and NNTP services are not needed, they are disabled. The Telnet service is disabled.
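As an added example (not part of the original checklist), the following PowerShell audit covers the items above: it reports whether the FTP, SMTP, NNTP and Telnet services are stopped and disabled, and lists running services that use LocalSystem from outside System32 so their privilege level can be reviewed. The service names (FTPSVC, SMTPSVC, NntpSvc, TlntSvr) are assumptions drawn from the IIS 6 era.

```powershell
# Added audit example, not from the original checklist.
# Service names are assumptions (IIS 6 era): FTPSVC, SMTPSVC, NntpSvc, TlntSvr.
function Test-UnneededServices {
    param([string[]]$Unneeded = @('FTPSVC', 'SMTPSVC', 'NntpSvc', 'TlntSvr'))
    foreach ($name in $Unneeded) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        if (-not $svc) {
            # A service that is not installed cannot be started: treat as compliant.
            [pscustomobject]@{ Service = $name; State = 'NotInstalled'; StartMode = '-'; Account = '-'; Compliant = $true }
            continue
        }
        # Compliant only when stopped AND unable to start on boot or on demand.
        [pscustomobject]@{
            Service   = $svc.Name
            State     = $svc.State
            StartMode = $svc.StartMode
            Account   = $svc.StartName
            Compliant = ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled')
        }
    }
}

# Least-privilege review: running services that use LocalSystem and do not live
# under System32 (i.e. are not stock Windows services) are the ones to question.
function Get-LocalSystemServices {
    Get-CimInstance -ClassName Win32_Service -Filter "State='Running'" |
        Where-Object {
            $_.StartName -eq 'LocalSystem' -and
            $_.PathName -notlike "$env:SystemRoot\System32\*" -and
            $_.PathName -notlike "`"$env:SystemRoot\System32\*"
        } |
        Select-Object Name, StartName, PathName
}

Test-UnneededServices   | Format-Table -AutoSize
Get-LocalSystemServices | Format-Table -AutoSize
```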

## Protocols

WebDAV is disabled if the application does not use it; if it is required, it is secured. The TCP/IP stack is hardened. NetBIOS and SMB are disabled (closing ports 137, 138, 139 and 445).

## Accounts

Unused server accounts are deleted. The Guest account is disabled. If the application does not use it, the IUSR machine account is disabled. If your application requires anonymous access, a custom anonymous account is created. The anonymous account has no write access to the web content directory and does not execute command-line tools. Strong account and password policies are enforced. Remote logons are kept to a minimum. (The user right to access this computer from the network is removed from the Everyone group.) Accounts are not shared between administrators. Null sessions (anonymous logons) are disabled. Approval is required for account delegation. Users and administrators do not share accounts. The Administrators group contains no more than two accounts. Administrators must log on locally, or the remote administration solution is secured.

## Files and Directories

Files and directories are held on NTFS volumes. The web site content is stored on a non-system NTFS volume. Log files are stored on an NTFS volume and not on the same volume where the web site content resides. The Everyone group is restricted (no access to \WINNT\system32 or web directories). The web site root directory has deny-write ACEs for Internet anonymous accounts. Content directories have deny-write ACEs for Internet anonymous accounts. Remote application administration is removed. Tools, utilities, and SDKs are removed from the resource kit. Sample applications are deleted. Any unwanted shares (including default administration shares) are removed. Access to the required shares is restricted (the Everyone group has no access). Administrative shares (C$ and Admin$) are removed when not required (Microsoft Management System (SMS) and Microsoft Operations Manager (MOM) require these shares).
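As an added example (not part of the original checklist), this PowerShell audit checks the web root for the ACL items above (deny-write for the anonymous account, no Everyone access, NTFS, off the system volume) and lists SMB shares, flagging administrative shares and any Everyone access. The web root path `C:\inetpub\wwwroot` and the account name `IUSR` are assumptions; adjust them to the host.

```powershell
# Added audit example, not from the original checklist. The web root path and the
# anonymous account name (IUSR) are assumptions; adjust them to the host.
function Test-WebContentAcl {
    param(
        [string]$WebRoot = 'C:\inetpub\wwwroot',
        [string]$AnonymousAccount = 'IUSR'
    )
    if (-not (Test-Path -LiteralPath $WebRoot)) { throw "Web root '$WebRoot' not found" }
    $acl       = Get-Acl -LiteralPath $WebRoot
    $writeBits = [System.Security.AccessControl.FileSystemRights]::Write

    # Deny-write ACE for the anonymous account, as the checklist requires.
    $denyWrite = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        ($_.IdentityReference.Value -eq $AnonymousAccount -or $_.IdentityReference.Value -like "*\$AnonymousAccount") -and
        (($_.FileSystemRights -band $writeBits) -ne 0)
    }
    # Everyone must hold no Allow ACE on web directories.
    $everyone = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq 'Everyone'
    }
    [pscustomobject]@{
        WebRoot            = $WebRoot
        OnSystemVolume     = ($WebRoot -like "$env:SystemDrive\*")
        IsNtfs             = ((Get-Volume -DriveLetter $WebRoot[0]).FileSystem -eq 'NTFS')
        AnonymousDenyWrite = [bool]$denyWrite
        EveryoneHasAccess  = [bool]$everyone
    }
}

# Shares: admin shares (Special = $true) are listed so they can be justified or
# removed; every share is checked for Everyone access.
function Get-ShareReport {
    foreach ($share in Get-SmbShare) {
        $everyone = Get-SmbShareAccess -Name $share.Name -ErrorAction SilentlyContinue |
            Where-Object { $_.AccountName -eq 'Everyone' }
        [pscustomobject]@{
            Share          = $share.Name
            Path           = $share.Path
            AdminShare     = $share.Special
            EveryoneAccess = (@($everyone | ForEach-Object { "$($_.AccessControlType):$($_.AccessRight)" }) -join ',')
        }
    }
}

Test-WebContentAcl | Format-List
Get-ShareReport    | Format-Table -AutoSize
```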

## Ports

Internet-facing ports are restricted to port 80 (and 443 when using SSL). Intranet traffic is encrypted (for example with SSL) or restricted if the data center infrastructure is not secure.
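As an added example (not part of the original checklist), this PowerShell audit serves both the Protocols and the Ports items: it reports the NetBIOS-over-TCP/IP setting of each IP-enabled adapter and lists TCP listeners outside the allowed set (80 and 443 by default), plus UDP 137/138, so that SMB on 139/445 and NetBIOS still being exposed show up directly. It assumes the NetTCPIP module (Windows 8 / Server 2012 or later).

```powershell
# Added audit example, not from the original checklist. Needs the NetTCPIP module
# (Windows 8 / Server 2012 or later). Allowed Internet-facing ports default to 80 and 443.
function Get-NetbiosStatus {
    # TcpipNetbiosOptions: 0 = default (from DHCP), 1 = enabled, 2 = disabled.
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
        ForEach-Object {
            $label = switch ($_.TcpipNetbiosOptions) { 2 { 'Disabled' } 1 { 'Enabled' } default { 'Default (DHCP)' } }
            [pscustomobject]@{
                Adapter   = $_.Description
                Netbios   = $label
                Compliant = ($_.TcpipNetbiosOptions -eq 2)
            }
        }
}

function Get-UnexpectedListeners {
    param([int[]]$Allowed = @(80, 443))
    # TCP listeners outside the allowed set; 139 and 445 here mean SMB is still exposed.
    $tcp = Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalPort -notin $Allowed } |
        ForEach-Object { [pscustomobject]@{ Proto = 'TCP'; Port = $_.LocalPort; Address = $_.LocalAddress; ProcessId = $_.OwningProcess } }
    # UDP 137/138 are the NetBIOS name and datagram services.
    $udp = Get-NetUDPEndpoint |
        Where-Object { $_.LocalPort -in @(137, 138) } |
        ForEach-Object { [pscustomobject]@{ Proto = 'UDP'; Port = $_.LocalPort; Address = $_.LocalAddress; ProcessId = $_.OwningProcess } }
    @($tcp) + @($udp) | Sort-Object Proto, Port, Address -Unique
}

Get-NetbiosStatus       | Format-Table -AutoSize
Get-UnexpectedListeners | Format-Table -AutoSize
```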

## Registry

Access to the remote registry is restricted. The SAM is secured (HKLM\System\CurrentControlSet\Control\LSA\NoLMHash).
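As an added example (not part of the original checklist), one PowerShell audit serves both the Accounts and the Registry items: Guest disabled, Administrators membership at most two, enabled accounts with no recent logon, the LSA values that close null sessions (RestrictAnonymous, EveryoneIncludesAnonymous), NoLMHash, and the Remote Registry service. The 90-day staleness window and the LocalAccounts module (PowerShell 5.1+) are assumptions.

```powershell
# Added audit example, not from the original checklist; covers the account items
# and the registry items. Needs the LocalAccounts module (PowerShell 5.1+).
function Test-AccountBaseline {
    param([int]$MaxAdministrators = 2, [int]$StaleDays = 90)
    $lsa    = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $guest  = Get-LocalUser -Name Guest -ErrorAction SilentlyContinue
    $admins = @(Get-LocalGroupMember -Group Administrators)   # includes nested groups
    $remReg = Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue

    # Candidates for the "unused accounts are deleted" item: enabled users with no
    # logon at all or none within $StaleDays.
    $stale = @(Get-LocalUser | Where-Object {
        $_.Enabled -and ($null -eq $_.LastLogon -or $_.LastLogon -lt (Get-Date).AddDays(-$StaleDays))
    } | Select-Object -ExpandProperty Name)

    [pscustomobject]@{ Check = 'GuestDisabled';        Value = "$($guest.Enabled)";  Compliant = ($null -eq $guest -or -not $guest.Enabled) }
    [pscustomobject]@{ Check = 'AdministratorsCount';  Value = $admins.Count;        Compliant = ($admins.Count -le $MaxAdministrators) }
    [pscustomobject]@{ Check = 'StaleEnabledAccounts'; Value = ($stale -join ',');   Compliant = ($stale.Count -eq 0) }
    # Null sessions: RestrictAnonymous 1 or 2 and EveryoneIncludesAnonymous 0.
    [pscustomobject]@{ Check = 'RestrictAnonymous';    Value = $lsa.RestrictAnonymous;         Compliant = ($lsa.RestrictAnonymous -ge 1) }
    [pscustomobject]@{ Check = 'EveryoneIncludesAnon'; Value = $lsa.EveryoneIncludesAnonymous; Compliant = (-not $lsa.EveryoneIncludesAnonymous) }
    # SAM protection: NoLMHash = 1 stops the weak LM hash from being stored.
    [pscustomobject]@{ Check = 'NoLMHash';             Value = $lsa.NoLMHash;                  Compliant = ($lsa.NoLMHash -eq 1) }
    # Remote registry access: service absent, or stopped and disabled.
    [pscustomobject]@{
        Check     = 'RemoteRegistry'
        Value     = "$($remReg.Status)/$($remReg.StartType)"
        Compliant = ($null -eq $remReg -or ($remReg.Status -eq 'Stopped' -and $remReg.StartType -eq 'Disabled'))
    }
}

Test-AccountBaseline | Format-Table -AutoSize
```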

## Auditing and Logging

Failed logon attempts are audited. IIS log files are relocated and secured. In line with the application's security requirements, log files are configured with a suitable size. Log files are archived and reviewed periodically. Access to the Metabase.bin file is audited. IIS is configured for the W3C Extended log file format.
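As an added example (not part of the original checklist), this PowerShell audit reads the logon audit policy with auditpol and the IIS site log settings through the WebAdministration module: W3C format, log directory off the system volume and off the content volume, and a size-based rollover when the period is MaxSize. The site name `Default Web Site` is an assumption.

```powershell
# Added audit example, not from the original checklist. The site name is an
# assumption; IIS settings are read through the WebAdministration module.
function Test-LogonFailureAudit {
    # auditpol prints one row per subcategory; the Logon row must include Failure.
    $rows = auditpol /get /subcategory:"Logon" | Where-Object { $_ -match '^\s+Logon\s+' }
    $text = ([string]$rows -replace '\s+', ' ').Trim()
    [pscustomobject]@{ Check = 'LogonFailuresAudited'; Value = $text; Compliant = ($text -match 'Failure') }
}

function Test-IisLogging {
    param([string]$SiteName = 'Default Web Site')
    Import-Module WebAdministration -ErrorAction Stop
    $log      = Get-ItemProperty -Path "IIS:\Sites\$SiteName" -Name logFile
    $dir      = [Environment]::ExpandEnvironmentVariables($log.directory)
    $siteRoot = [Environment]::ExpandEnvironmentVariables((Get-Website -Name $SiteName).physicalPath)
    $logVol   = [System.IO.Path]::GetPathRoot($dir)
    $rootVol  = [System.IO.Path]::GetPathRoot($siteRoot)

    [pscustomobject]@{ Check = 'IisLogFormatW3C';      Value = $log.logFormat; Compliant = ($log.logFormat -eq 'W3C') }
    [pscustomobject]@{ Check = 'IisLogsOffSystemVol';  Value = $dir;           Compliant = ($dir -notlike "$env:SystemDrive\*") }
    # Logs and content on different volumes, as the checklist requires.
    [pscustomobject]@{ Check = 'IisLogsOffContentVol'; Value = "$logVol vs $rootVol"; Compliant = ($logVol -ne $rootVol) }
    # Size control: truncateSize only applies when the rollover period is MaxSize.
    [pscustomobject]@{
        Check     = 'IisLogRollover'
        Value     = "$($log.period) ($($log.truncateSize) bytes)"
        Compliant = ($log.period -ne 'MaxSize' -or [long]$log.truncateSize -gt 0)
    }
}

Test-LogonFailureAudit | Format-Table -AutoSize
Test-IisLogging        | Format-Table -AutoSize
```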

## Server Certificates

Ensure that the certificate's validity dates are correct. Use certificates only for their intended purpose (server certificates are not used for e-mail, for example). Ensure that the certificate's public key is valid, up to a trusted root authority. Verify that the certificate has not been revoked.
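As an added example (not part of the original checklist), this PowerShell function runs the four checks above against a certificate in the machine store: validity window, Extended Key Usage (server authentication OID 1.3.6.1.5.5.7.3.1 and any other purposes present), chain building to a trusted root, and online revocation checking over the entire chain via .NET's X509Chain. The thumbprint is a placeholder you must supply.

```powershell
# Added example, not from the original checklist. Runs the four certificate checks
# against a certificate in the machine store; the thumbprint is a placeholder.
function Test-ServerCertificate {
    param([Parameter(Mandatory)][string]$Thumbprint)
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint"
    $now  = Get-Date

    # Purpose: Extended Key Usage OIDs present on the certificate.
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth
    $ekus = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })

    # Chain to a trusted root, with online revocation checking for the whole chain.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $built  = $chain.Build($cert)
    $status = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    [pscustomobject]@{
        Subject            = $cert.Subject
        DatesValid         = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        Expires            = $cert.NotAfter
        HasServerAuthEku   = ($ekus -contains $serverAuthOid)
        OtherEkus          = (($ekus | Where-Object { $_ -ne $serverAuthOid }) -join ',')
        ChainTrusted       = $built
        # Revocation counts as verified only when no element is revoked and every
        # status was actually obtained (no Unknown / Offline results).
        RevocationVerified = -not ($status -match 'Revoked|RevocationStatusUnknown|OfflineRevocation')
        ChainStatus        = ($status -join '; ')
    }
}

# Test-ServerCertificate -Thumbprint '<THUMBPRINT_PLACEHOLDER>' | Format-List
```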

Title: "Most Important Checklist For Penetration Of Web Server - Cybers Guards"
ShowToc: true
Date: "2022-11-29"
Author: "Kevin Truxillo"
