Internet Information Services (IIS)

The article "Ensuring website safety" is provided by Sophos Plc and SophosLabs.

December 2007

IIS is a Microsoft Windows component, popular and common due to the simple configuration of the web server.

However, when deploying it, remember the following:

  • Disable unused services installed by default (for example, FTP or SMTP).

    Disable the directory browsing feature if it isn't necessary, because it lets the visitors see which files are used by the system.

  • Disable all unused FrontPage server extensions. Install all IIS updates in time. To do it, you can turn on automatic updates using the Windows Control Panel.