Versions Compared

Old Version 5

changes.mady.by.user Mattias Löfstrand

Saved on

compared with

New Version Current

changes.mady.by.user Mattias Löfstrand

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note

Review Microsoft’s latest policies and recommendations for Windows Servers, IIS, Azure and ohter components and infrastructure used for an installation.

Service account

Info

It is recommended to use a service account for IIS instead of LocalSystem.

Prevent directory traversal

Make sure that the short file name is not allowed on the server. This is achieved by editing the registry.

  1. Search regedit in windows server

  2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem

  3. Find key NtfsDisable8dot3NameCreation

  4. Double click to set the value to 1

This will prohibit hackers to do directory traversal with short file name.

Set IIS URL filtering

Set up IIS to filter URLs on forbidden characters.

  1. Open IIS- Double click request filtering.

    Image Removed

  2. Add deny sequence (eg. tilde, backslash etc) for the url

...

IIS error pages not to display error information

  1. Go to the error pages - double click

    Image Removed

  2. For the error code click edit feature code and then check custom error pages instead of detail error page and select the custom error page location.

...

IIS settings

Child pages (Children Display)

Default passwords

  • Check and change default password of web viewer and webadmin page of web viewer

  • Check and change default passwords of api endpoints

Other security aspects to consider

https://signifikant.atlassian.net/wiki/spaces/ASKB/pages/546963458/Technical+instruction+-+Installing+application+on+Windows+Server#Other-Apps-on-Server

https://signifikant.atlassian.net/wiki/spaces/ASKB/pages/546963458/Technical+instruction+-+Installing+application+on+Windows+Server#Security