Make sure that short file names are not allowed on the server. You can do this by editing the registry. Search for regedit in Windows Server and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem.

Find the key NtfsDisable8dot3NameCreation and double-click it to set the value to 1. This will prevent a hacker from performing directory traversal with short file names.

Then take the following steps:

  1. Open IIS and double-click Request Filtering.

...

  2. Add deny sequences (e.g. tilde, backslash) for the URL.

...

  3. Go back to Error Pages and double-click it.

...

  4. For the error code, click Edit Feature Settings, select custom error pages instead of detailed error pages, and select the custom error page location.

...
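
The registry setting and steps 1 to 4 above can also be checked and applied from an elevated PowerShell session with the WebAdministration module. This is an added example, not part of the original instruction; the `$Apply` switch, the variable names and the server-level scope are assumptions, and the custom error page location from step 4 is left to be set per installation.

```powershell
# Added example (not from the original page). Run in an elevated PowerShell on the IIS server.
Import-Module WebAdministration

$Apply     = $false                      # assumption: $false only reports, $true also changes settings
$Sequences = @('~', '\')                 # deny sequences named in step 2 (tilde, backslash)
$FsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
$Root      = 'MACHINE/WEBROOT/APPHOST'   # assumption: server level, inherited by all sites
$DenyPath  = 'system.webServer/security/requestFiltering/denyUrlSequences'
$ErrPath   = 'system.webServer/httpErrors'

# Registry: NtfsDisable8dot3NameCreation = 1 disables short file name creation on all volumes
$item  = Get-ItemProperty -Path $FsKey -Name NtfsDisable8dot3NameCreation -ErrorAction SilentlyContinue
$value = $item.NtfsDisable8dot3NameCreation
if ($value -ne 1) {
    Write-Warning "NtfsDisable8dot3NameCreation is '$value', expected 1"
    if ($Apply) { Set-ItemProperty -Path $FsKey -Name NtfsDisable8dot3NameCreation -Value 1 -Type DWord }
}

# Request filtering: add each deny sequence that is not already configured
$existing = @(Get-WebConfiguration -PSPath $Root -Filter "$DenyPath/add" | ForEach-Object { $_.sequence })
foreach ($seq in $Sequences) {
    if ($existing -notcontains $seq) {
        Write-Warning "Deny sequence '$seq' is missing"
        if ($Apply) {
            Add-WebConfigurationProperty -PSPath $Root -Filter $DenyPath -Name '.' -Value @{ sequence = $seq }
        }
    }
}

# Error pages: 'Custom' returns custom error pages to every client instead of detailed errors
$mode = (Get-WebConfiguration -PSPath $Root -Filter $ErrPath).errorMode
if ("$mode" -ne 'Custom') {
    Write-Warning "httpErrors errorMode is '$mode', expected 'Custom'"
    if ($Apply) { Set-WebConfigurationProperty -PSPath $Root -Filter $ErrPath -Name errorMode -Value 'Custom' }
}
```

Setting the registry value to 1 only stops new short names from being created; files that already have a short name keep it until it is removed, for example with `fsutil 8dot3name strip`.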

Note

Review Microsoft’s latest policies and recommendations for Windows Servers, IIS, Azure and other components and infrastructure used for an installation.

Service account

Info

It is recommended to use a service account for IIS instead of LocalSystem.

IIS settings


Default passwords

  • Check and change the default password of the web viewer and of the webadmin page of the web viewer

  • Check and change the default passwords of API endpoints

Other security aspects to consider

https://signifikant.atlassian.net/wiki/spaces/ASKB/pages/546963458/Technical+instruction+-+Installing+application+on+Windows+Server#Other-Apps-on-Server

https://signifikant.atlassian.net/wiki/spaces/ASKB/pages/546963458/Technical+instruction+-+Installing+application+on+Windows+Server#Security