# Most Important Checklist For Penetration Of Web Server (Cybers Guards)

ShowToc: true | date: 2022-11-29 | author: Kevin Truxillo
# Important checklist that Microsoft suggests

## Services

- Unnecessary Windows services are disabled.
- Services run under least-privileged accounts.
- The FTP, SMTP and NNTP services are disabled if they are not required.
- The Telnet service is disabled.
## Protocols

- WebDAV is disabled if the application does not use it; where it is required, it is secured.
- The TCP/IP stack is hardened.
- NetBIOS and SMB are disabled (this closes ports 137, 138, 139 and 445).
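The Services and Protocols items above can be verified on the target without changing anything. The PowerShell below is an added example, not code from the Cybers Guards article or from Microsoft's checklist; it assumes Windows Server with PowerShell 5.1 and IIS 7 or later, an elevated prompt, and the standard service names for these roles (MSFTPSVC for FTP on IIS 6, FTPSVC on IIS 7+, SMTPSVC, NNTPSVC and TlntSvr). Only Disable-NetBiosOverTcpIp changes state; everything else reports findings.

```powershell
# Added example: audit the "Services" and "Protocols" checklist items.
# Read-only except Disable-NetBiosOverTcpIp. Assumes Windows Server with
# PowerShell 5.1; the service names are the standard ones for these roles.

function Test-UnwantedServices {
    # FTP, SMTP, NNTP and Telnet should be disabled when not required.
    $unwanted = @('MSFTPSVC', 'FTPSVC', 'SMTPSVC', 'NNTPSVC', 'TlntSvr')
    Get-Service -ErrorAction SilentlyContinue |
        Where-Object { $unwanted -contains $_.Name -and $_.StartType -ne 'Disabled' } |
        ForEach-Object { "FINDING: service $($_.Name) is $($_.Status), StartType=$($_.StartType)" }
}

function Test-ServiceAccounts {
    # Least-privileged service accounts: list running services that use
    # LocalSystem and whose binary lives outside %SystemRoot% (a heuristic for
    # third-party services; built-in Windows services are expected there).
    Get-CimInstance Win32_Service |
        Where-Object { $_.State -eq 'Running' -and $_.StartName -eq 'LocalSystem' -and
                       $_.PathName -notmatch [regex]::Escape($env:SystemRoot) } |
        ForEach-Object { "REVIEW: $($_.Name) runs as LocalSystem from $($_.PathName)" }
}

function Test-WebDav {
    # WebDAV is the optional feature IIS-WebDAV on IIS 7 and later.
    $f = Get-WindowsOptionalFeature -Online -FeatureName IIS-WebDAV -ErrorAction SilentlyContinue
    if ($f -and $f.State -eq 'Enabled') { "FINDING: IIS-WebDAV feature is enabled; remove it or secure it" }
}

function Test-NetBiosAndSmb {
    # TcpipNetbiosOptions: 0 = take the DHCP setting, 1 = enabled, 2 = disabled.
    Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Where-Object { $_.TcpipNetbiosOptions -ne 2 } |
        ForEach-Object { "FINDING: NetBIOS over TCP/IP not disabled on '$($_.Description)' (option=$($_.TcpipNetbiosOptions))" }
    # SMB/NetBIOS ports: 139 and 445 are TCP, 137 and 138 are UDP.
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in 139, 445 } |
        ForEach-Object { "FINDING: TCP $($_.LocalPort) listening on $($_.LocalAddress)" }
    Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in 137, 138 } |
        ForEach-Object { "FINDING: UDP $($_.LocalPort) bound on $($_.LocalAddress)" }
}

function Disable-NetBiosOverTcpIp {
    # Remediation for the NetBIOS item on every IP-enabled adapter. Port 445
    # belongs to the Server service (LanmanServer); disabling that service also
    # removes C$ and ADMIN$, so weigh it against the "Shares" item below.
    Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            Invoke-CimMethod -InputObject $_ -MethodName SetTcpipNetbios `
                -Arguments @{ TcpipNetbiosOptions = [uint32]2 } | Out-Null
        }
}

Test-UnwantedServices
Test-ServiceAccounts
Test-WebDav
Test-NetBiosAndSmb
```

Test-ServiceAccounts deliberately reports rather than fails: a LocalSystem service outside %SystemRoot% is the candidate to move to a virtual or managed service account, but whether it needs SYSTEM is a judgement the script cannot make.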
## Accounts

- Unused accounts are removed from the server.
- The Guest account is disabled.
- The IUSR_MACHINE account is disabled if the application does not use it.
- If the application requires anonymous access, a custom least-privileged anonymous account is created.
- The anonymous account has no write access to the Web content directories and cannot execute command-line tools.
- Strong account and password policies are enforced.
- Remote logons are restricted (the "Access this computer from the network" user right is removed from the Everyone group).
- Accounts are not shared among administrators.
- Null sessions (anonymous logons) are disabled.
- Approval is required for account delegation.
- Users and administrators do not share accounts.
- No more than two accounts exist in the Administrators group.
- Administrators must log on locally, or the remote administration solution is secured.
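Most of the Accounts items map to a local user, a group membership, an Lsa registry value or a line in the exported local security policy. The following is an added example, not part of the article or of Microsoft's checklist; it assumes PowerShell 5.1 (for the LocalAccounts cmdlets) and an elevated prompt, which secedit needs. The 90-day "unused" threshold and the 14-character minimum password length are assumptions of this example, not values the checklist states.

```powershell
# Added example: audit the "Accounts" checklist items on the local server.
# Assumes PowerShell 5.1 (LocalAccounts module) and an elevated prompt for
# secedit. The 90-day and 14-character thresholds are assumptions.

function Test-BuiltinAccounts {
    $guest = Get-LocalUser -Name Guest -ErrorAction SilentlyContinue
    if ($guest -and $guest.Enabled) { "FINDING: Guest account is enabled" }
    # IUSR_<machine> is the IIS 5/6 anonymous user; on IIS 7+ the anonymous
    # identity is the built-in NT AUTHORITY\IUSR, which is not a local user.
    $iusr = Get-LocalUser -Name "IUSR_$env:COMPUTERNAME" -ErrorAction SilentlyContinue
    if ($iusr -and $iusr.Enabled) { "REVIEW: IUSR_$env:COMPUTERNAME is enabled; disable it unless the application uses it" }
    # Unused accounts: enabled local users with no logon in the last 90 days.
    Get-LocalUser |
        Where-Object { $_.Enabled -and ($null -eq $_.LastLogon -or $_.LastLogon -lt (Get-Date).AddDays(-90)) } |
        ForEach-Object { "REVIEW: $($_.Name) is enabled, last logon: $($_.LastLogon)" }
}

function Test-AdministratorsGroup {
    # No more than two accounts in the Administrators group.
    $members = @(Get-LocalGroupMember -Group 'Administrators')
    if ($members.Count -gt 2) {
        "FINDING: Administrators has $($members.Count) members: $(($members | ForEach-Object Name) -join ', ')"
    }
}

function Test-NullSessions {
    # Null sessions (anonymous logons) are governed by these Lsa values, which
    # back the "Network access: ..." security options.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    if ($lsa.RestrictAnonymous -ne 1)         { "FINDING: RestrictAnonymous=$($lsa.RestrictAnonymous), expected 1" }
    if ($lsa.RestrictAnonymousSAM -ne 1)      { "FINDING: RestrictAnonymousSAM=$($lsa.RestrictAnonymousSAM), expected 1" }
    if ($lsa.EveryoneIncludesAnonymous -ne 0) { "FINDING: EveryoneIncludesAnonymous=$($lsa.EveryoneIncludesAnonymous), expected 0" }
}

function Get-LocalSecurityPolicy {
    # secedit exports user rights and account policy as an INF; return its
    # "Key = value" lines as a hashtable.
    $inf = Join-Path $env:TEMP 'local-policy.inf'
    secedit /export /cfg $inf /areas USER_RIGHTS SECURITYPOLICY | Out-Null
    $policy = @{}
    foreach ($line in Get-Content -Path $inf) {
        if ($line -match '^\s*(\w+)\s*=\s*(.*)$') { $policy[$matches[1]] = $matches[2].Trim() }
    }
    Remove-Item -Path $inf -ErrorAction SilentlyContinue
    return $policy
}

function Test-PolicyItems {
    $p = Get-LocalSecurityPolicy
    # "Access this computer from the network" is SeNetworkLogonRight; Everyone is SID S-1-1-0.
    if ($p['SeNetworkLogonRight'] -match '\*S-1-1-0') { "FINDING: Everyone holds SeNetworkLogonRight: $($p['SeNetworkLogonRight'])" }
    # Strong account and password policy (a missing key reads as 0 and is flagged).
    if ([int]$p['MinimumPasswordLength'] -lt 14) { "FINDING: MinimumPasswordLength=$($p['MinimumPasswordLength'])" }
    if ([int]$p['PasswordComplexity'] -ne 1)      { "FINDING: PasswordComplexity=$($p['PasswordComplexity'])" }
    if ([int]$p['LockoutBadCount'] -eq 0)         { "FINDING: account lockout is off (LockoutBadCount=0)" }
}

Test-BuiltinAccounts
Test-AdministratorsGroup
Test-NullSessions
Test-PolicyItems
```

On a domain member the exported policy reflects the effective local settings after Group Policy has applied, so a FINDING here may need to be fixed in the GPO rather than on the box. Shared accounts and delegation approval are process items and have no technical check.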
## Files and Directories

- Files and directories are kept on NTFS volumes.
- Web site content is stored on a non-system NTFS volume.
- Log files are stored on an NTFS volume, and not on the same volume as the Web site content.
- The Everyone group is restricted (no access to \WINNT\system32 or the Web directories).
- The Web site root directory has a deny-write ACE for the anonymous Internet account.
- Content directories have a deny-write ACE for the anonymous Internet account.
- The remote IIS administration application is removed.
- Resource kit tools, utilities and SDKs are removed.
- Sample applications are removed.

## Shares

- All unnecessary shares are removed (including the default administrative shares).
- Access to the required shares is restricted (the Everyone group has no access).
- The administrative shares (C$ and Admin$) are removed when they are not required (Microsoft Systems Management Server (SMS) and Microsoft Operations Manager (MOM) need these shares).
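The file-system and share items come down to ACL entries and share permissions, which PowerShell can read and set directly. The script below is an added example, not code from the article or from Microsoft; it assumes Windows Server 2012 or later (Get-Volume, SmbShare cmdlets) with IIS 7 or later. $WebRoot and $AnonymousAccount are assumptions: the built-in anonymous identity is NT AUTHORITY\IUSR on IIS 7+ and IUSR_<machine> on IIS 5/6, and since the checklist prefers a custom least-privileged account, set the variable to whatever the site actually uses.

```powershell
# Added example: audit the "Files and Directories" and "Shares" items.
# $WebRoot and $AnonymousAccount are assumptions; adjust them to the site.
$WebRoot          = 'C:\inetpub\wwwroot'
$AnonymousAccount = 'NT AUTHORITY\IUSR'
$WriteMask        = [int][System.Security.AccessControl.FileSystemRights]::Write

function Test-DenyWriteAce {
    param([string]$Path, [string]$Account)
    # A Deny ACE for the anonymous account covering any part of the Write right.
    $deny = (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.IdentityReference.Value -eq $Account -and
        (([int]$_.FileSystemRights -band $WriteMask) -ne 0)
    }
    if (-not $deny) { "FINDING: no deny-write ACE for $Account on $Path" }
}

function Add-DenyWriteAce {
    param([string]$Path, [string]$Account)
    # Remediation: an inheritable Deny Write ACE, which takes precedence over any Allow.
    $acl      = Get-Acl -Path $Path
    $ruleArgs = @($Account, 'Write', 'ContainerInherit,ObjectInherit', 'None', 'Deny')
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ruleArgs))
    Set-Acl -Path $Path -AclObject $acl
}

function Test-EveryoneAccess {
    param([string[]]$Paths)
    # Everyone must have no access to %SystemRoot%\System32 or the Web directories.
    foreach ($p in $Paths) {
        if (-not (Test-Path -Path $p)) { continue }
        (Get-Acl -Path $p).Access |
            Where-Object { $_.IdentityReference.Value -eq 'Everyone' -and $_.AccessControlType -eq 'Allow' } |
            ForEach-Object { "FINDING: Everyone is allowed '$($_.FileSystemRights)' on $p" }
    }
}

function Test-ContentVolumes {
    # Content on a non-system NTFS volume (log placement is checked under Auditing and Logging).
    Import-Module WebAdministration -ErrorAction Stop
    foreach ($site in Get-Website) {
        $root = [Environment]::ExpandEnvironmentVariables($site.physicalPath)
        if ((Split-Path -Qualifier $root) -eq $env:SystemDrive) { "FINDING: site '$($site.name)' content is on the system volume: $root" }
        $fs = (Get-Volume -DriveLetter $root.Substring(0, 1)).FileSystem
        if ($fs -ne 'NTFS') { "FINDING: $root is on $fs, not NTFS" }
    }
}

function Test-LeftoverContent {
    # Remote administration application and sample sites as installed by IIS 5/6
    # (their historical default paths); resource kit tools and SDKs have no fixed
    # location and must be checked by hand.
    foreach ($p in "$env:SystemRoot\System32\inetsrv\iisadmin",
                   "$env:SystemDrive\Inetpub\iissamples",
                   "$env:SystemRoot\Help\iisHelp") {
        if (Test-Path -Path $p) { "FINDING: $p is still present" }
    }
}

function Test-Shares {
    foreach ($s in Get-SmbShare | Where-Object { $_.Name -ne 'IPC$' }) {
        if ($s.Name -in 'C$', 'ADMIN$') { "REVIEW: administrative share $($s.Name) present; remove it unless an SMS/MOM-style agent needs it" }
        Get-SmbShareAccess -Name $s.Name -ErrorAction SilentlyContinue |
            Where-Object { $_.AccountName -eq 'Everyone' -and $_.AccessControlType -eq 'Allow' } |
            ForEach-Object { "FINDING: share $($s.Name) grants Everyone $($_.AccessRight)" }
    }
}

Test-DenyWriteAce   -Path $WebRoot -Account $AnonymousAccount
Test-EveryoneAccess -Paths "$env:SystemRoot\System32", $WebRoot
Test-ContentVolumes
Test-LeftoverContent
Test-Shares
```

Run Add-DenyWriteAce against each content directory only after confirming the application pool identity is a different account from the anonymous one; if they are the same, the deny also blocks the application's own writes.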
## Ports

- Internet-facing interfaces are restricted to port 80 (and 443 when SSL, that is TLS on current systems, is used).
- Intranet traffic is encrypted (for example with SSL) or restricted if the data center infrastructure is not secure.
## Registry

- Remote registry access is restricted.
- The SAM is secured (HKLM\System\CurrentControlSet\Control\LSA\NoLMHash; setting it to 1 stops Windows storing the weak LAN Manager hash of passwords).
## Auditing and Logging

- Failed logon attempts are audited.
- IIS log files are relocated and secured.
- Log files are configured with an appropriate size, according to the application's security requirements.
- Log files are archived and reviewed regularly.
- Access to the Metabase.bin file is audited.
- IIS is configured for W3C Extended log file format auditing.
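The Ports, Registry and Auditing and Logging items can be checked together. What follows is an added example, not code from the article or from Microsoft's checklist; it assumes IIS 7 or later (WebAdministration module), where applicationHost.config plays the role Metabase.bin had on IIS 5 and 6, an elevated prompt (reading a SACL needs SeSecurityPrivilege), and that 80 and 443 are the only ports allowed on the Internet-facing interface.

```powershell
# Added example: audit the "Ports", "Registry" and "Auditing and Logging" items.
# Assumes IIS 7+ and an elevated prompt; 80/443 is the assumed allowed port set.

function Test-ListeningPorts {
    param([int[]]$Allowed = @(80, 443))
    # Every TCP listener other than the allowed ports, with its owning process,
    # so the Internet-facing interface can be confirmed to expose nothing else.
    Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalPort -notin $Allowed } |
        Sort-Object LocalPort |
        ForEach-Object {
            $proc = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
            "REVIEW: TCP $($_.LocalPort) on $($_.LocalAddress) owned by $proc (PID $($_.OwningProcess))"
        }
}

function Test-RegistryItems {
    # Remote registry access: the RemoteRegistry service should be disabled.
    $rr = Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
    if ($rr -and $rr.StartType -ne 'Disabled') { "FINDING: RemoteRegistry service StartType=$($rr.StartType)" }
    # NoLMHash=1 stops Windows storing the LAN Manager hash in the SAM; it only
    # affects passwords changed after the value is set, so existing LM hashes
    # survive until the next password change.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    if ($lsa.NoLMHash -ne 1) { "FINDING: NoLMHash=$($lsa.NoLMHash), expected 1" }
}

function Test-LogonAuditing {
    # Failed logon attempts: auditpol's CSV output (/r) for the Logon subcategory must include Failure.
    $row = auditpol /get /subcategory:"Logon" /r | ConvertFrom-Csv | Where-Object { $_.Subcategory -eq 'Logon' }
    if (-not $row -or $row.'Inclusion Setting' -notmatch 'Failure') {
        "FINDING: failed logons are not audited (Logon = '$($row.'Inclusion Setting')')"
    }
}

function Test-IisLogging {
    Import-Module WebAdministration -ErrorAction Stop
    $write = [int][System.Security.AccessControl.FileSystemRights]::Write
    foreach ($site in Get-Website) {
        $lf      = $site.logFile
        $dir     = [Environment]::ExpandEnvironmentVariables($lf.directory)
        $content = [Environment]::ExpandEnvironmentVariables($site.physicalPath)
        $name    = $site.name
        if ($lf.logFormat -ne 'W3C') { "FINDING: site '$name' uses log format $($lf.logFormat), expected W3C" }
        # Relocated: not on the system volume and not on the content volume.
        if ((Split-Path -Qualifier $dir) -eq $env:SystemDrive) { "FINDING: site '$name' logs on the system volume: $dir" }
        if ((Split-Path -Qualifier $dir) -eq (Split-Path -Qualifier $content)) { "FINDING: site '$name' logs share a volume with its content" }
        # Secured: no write access for Everyone, Users or the anonymous identity.
        if (Test-Path -Path $dir) {
            (Get-Acl -Path $dir).Access |
                Where-Object { $_.AccessControlType -eq 'Allow' -and
                               $_.IdentityReference.Value -in 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\IUSR' -and
                               ([int]$_.FileSystemRights -band $write) -ne 0 } |
                ForEach-Object { "FINDING: $($_.IdentityReference) can write to log directory $dir" }
        }
        # Size: report the rollover settings so they can be judged against the application's requirement.
        "INFO: site '$name' log rollover period=$($lf.period), truncateSize=$($lf.truncateSize) bytes"
    }
}

function Test-ConfigFileAuditing {
    # The IIS 7+ equivalent of auditing Metabase.bin: a SACL on applicationHost.config
    # (its entries only produce events once the "File System" audit subcategory is enabled).
    $cfg = "$env:SystemRoot\System32\inetsrv\config\applicationHost.config"
    $audit = (Get-Acl -Path $cfg -Audit).Audit
    if (-not $audit) { "FINDING: no audit entries (SACL) on $cfg" }
}

Test-ListeningPorts
Test-RegistryItems
Test-LogonAuditing
Test-IisLogging
Test-ConfigFileAuditing
```

Test-ListeningPorts lists every listener on every address; on a multi-homed server, filter on the LocalAddress of the Internet-facing interface, since management ports such as 3389 or 5985 are acceptable on the internal side but not on the public one.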
## Server Certificates

- Ensure the certificate's date range is valid.
- Use certificates only for their intended purpose (the server certificate is not used for e-mail, for example).
- Ensure the certificate's public key is valid, all the way up to a trusted root authority.
- Confirm that the certificate has not been revoked.
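The four certificate items correspond to the validity dates, the Extended Key Usage, chain building and a revocation check, all of which .NET's X509Chain performs. The script below is an added example, not code from the article or from Microsoft; it assumes IIS 7 or later (the IIS: drive for SSL bindings) and that the server can reach the issuing CA's CRL or OCSP endpoints. Offline, the chain build reports RevocationStatusUnknown or OfflineRevocation rather than a clean pass, which the output shows as a finding.

```powershell
# Added example: validate the certificates IIS actually serves against the
# "Server Certificates" items. Assumes IIS 7+ and network reach to CRL/OCSP.

function Test-ServerCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $findings = @()
    # 1. Date range.
    $now = Get-Date
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) {
        $findings += "valid $($Cert.NotBefore) to $($Cert.NotAfter), which does not cover today"
    }
    # 2. Intended purpose: id-kp-serverAuth must be among the EKUs. No EKU
    #    extension at all means "any purpose" and is flagged as well.
    $serverAuth = '1.3.6.1.5.5.7.3.1'
    $ekus = @($Cert.EnhancedKeyUsageList | ForEach-Object ObjectId)
    if ($ekus.Count -eq 0 -or $serverAuth -notin $ekus) {
        $findings += "EKU does not name Server Authentication (EKUs: $($ekus -join ', '))"
    }
    # 3 and 4. Chain to a trusted root and revocation, checked by one chain
    #    build; the application policy makes the EKU part of the chain check too.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
    $chain.ChainPolicy.ApplicationPolicy.Add([System.Security.Cryptography.Oid]::new($serverAuth))
    if (-not $chain.Build($Cert)) {
        foreach ($s in $chain.ChainStatus) { $findings += "$($s.Status): $($s.StatusInformation.Trim())" }
    }
    $chain.Reset()
    [pscustomobject]@{ Subject = $Cert.Subject; Thumbprint = $Cert.Thumbprint; Findings = $findings }
}

function Test-IisSslBindings {
    Import-Module WebAdministration -ErrorAction Stop
    foreach ($b in Get-ChildItem -Path IIS:\SslBindings) {
        $cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $b.Thumbprint }
        if (-not $cert) {
            "FINDING: binding on port $($b.Port) references thumbprint $($b.Thumbprint), not found in LocalMachine\My"
            continue
        }
        $r = Test-ServerCertificate -Cert $cert
        if ($r.Findings.Count -eq 0) { "OK: port $($b.Port) $($r.Subject)" }
        else { "FINDING: port $($b.Port) $($r.Subject): $($r.Findings -join '; ')" }
    }
}

Test-IisSslBindings
```

The chain is built against the server's own certificate stores, so a self-signed certificate that an administrator has dropped into Trusted Root Certification Authorities passes here and still fails for every client. Repeat the check from a clean workstation, or pass the certificate exported from the server to Test-ServerCertificate there.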