Securing IIS7 - Windows Server 2008 Security Guide
Windows Server 2008 Security Guide is out.
It covers many crucial aspects but my favorite of course is IIS7 chapter:
Chapter 6: Hardening Web Services
This chapter provides prescriptive guidance for hardening the Web Server role. The chapter discusses how the Web server role installs Microsoft® Internet Information Services (IIS) 7.0, which has been redesigned into forty modular components that you can choose to install as needed.
It points to the following resources:
- IIS 7.0: Configuring Authentication in IIS 7.0
- IIS 7.0: Configuring IPv4 Address and Domain Name Rules
- IIS 7.0: Configuring URL Authorization Rules in IIS 7.0
- IIS 7.0: Configuring Server Certificates in IIS 7.0
- IIS 7.0: Configuring ISAPI and CGI Restrictions in IIS 7.0
- IIS 7.0: Configuring Secure Sockets Layer in IIS 7.0
- IIS 7.0: Configuring Request Filters
- IIS 7.0: Configuring Shared Configuration
- How to Setup SSL on IIS7.
- How to Use Request Filtering.
- Improving Web Application Security: Threats and Countermeasures.
- IIS 7.0: Configure Web Server Security.
- Server Core Installation Option of Windows Server 2008 Step-By-Step Guide.
- Windows Management Instrumentation.
- Windows Server 2008 Technical Library.
- Understanding IIS7 URL Authorization.