
  • Adequate backup

  • Monitoring of SQL and IIS worker process

  • Virus protection and IT-security setup

  • Ensure client has a test environment

  • Ensure client understands down time procedures

  • Organisation for handling incidents and changes

Security

Tilde Short File/Folder Name Disclosure

If IIS accepts 8.3 short file names, a user can probe for existing files and folders by testing candidate short names in the URL. Two actions are suggested for this issue.

  1. Discard or filter all web requests containing a tilde "~" character. The recommended prevention technique is to apply a filtering rule in the firewall for all ~ (tilde) characters and their Unicode-encoded equivalents sent in the URL path to the server. If such a rule cannot be applied, URL Rewrite should be used instead.

  2. An alternative is to stop the server from generating 8.3 short names by adding a registry value named NtfsDisable8dot3NameCreation under HKLM\SYSTEM\CurrentControlSet\Control\FileSystem and setting it to 1. Note that this only affects files created after the change; short names already generated for existing files remain in place. Please refer to https://learn.microsoft.com/en-us/troubleshoot/windows-server/performance/stop-error-code-0x00000019
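The filtering rule from step 1, applied to IIS W3C log lines as a detection check for tilde probes in literal and encoded forms. This is an added example, not code from the original page; the log lines, hostnames and IP addresses are constructed.

```python
"""Flag IIS requests whose URL path carries a tilde in any encoded form.

Added example, not from the original page: applies the tilde filtering rule
to W3C log lines, catching literal "~", percent-encoded %7E, double-encoded
%257E and IIS-style %u007E. The log lines below are constructed samples.
"""
import re
from urllib.parse import unquote

_U_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})")

def normalize_path(path: str, max_rounds: int = 3) -> str:
    """Decode %XX and %uXXXX escapes repeatedly until the path stops changing."""
    current = path
    for _ in range(max_rounds):
        decoded = unquote(_U_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), current))
        if decoded == current:
            break
        current = decoded
    return current

def contains_tilde(path: str) -> bool:
    """True when the decoded request path would be rejected by the tilde rule."""
    return "~" in normalize_path(path)

def flag_tilde_requests(log_lines):
    """Return (c-ip, cs-uri-stem) for every log line whose path contains a tilde."""
    hits, index = [], {}
    for line in log_lines:
        if line.startswith("#Fields:"):  # field order comes from the directive
            index = {name: i for i, name in enumerate(line.split()[1:])}
            continue
        if line.startswith("#") or not line.strip() or not index:
            continue  # other directives, blank lines, or no header seen yet
        fields = line.split()
        stem, client = fields[index["cs-uri-stem"]], fields[index["c-ip"]]
        if contains_tilde(stem):
            hits.append((client, stem))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status",
    "2024-01-01 10:00:00 10.0.0.5 GET /index.html - 80 - 192.0.2.10 200",
    "2024-01-01 10:00:01 10.0.0.5 GET /secret~1/ - 80 - 192.0.2.44 404",
    "2024-01-01 10:00:02 10.0.0.5 GET /secret%7E1/ - 80 - 192.0.2.44 404",
    "2024-01-01 10:00:03 10.0.0.5 GET /secret%257E1/ - 80 - 192.0.2.44 404",
    "2024-01-01 10:00:04 10.0.0.5 GET /secret%u007E1/ - 80 - 192.0.2.44 404",
    "2024-01-01 10:00:05 10.0.0.5 GET /about.html - 80 - 192.0.2.10 200",
]
```

Run `flag_tilde_requests(SAMPLE_LOG)` to list the four probes from 192.0.2.44; the same `contains_tilde` check is what a URL Rewrite or firewall rule must reproduce, including the repeated decoding.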