A very good how-to guide has been written by Jason. The guide will try to help administrators secure their IIS installation. Before diving into the systematic hardening instructions, the guide will try to explain the following:
* The different threats
* The currently available tools (referred to as "Hacking Tools", i.e. non-commercial tools) on the market
* The architecture used by IIS (the different components from which IIS is built)
From there, the guide will explain the most important part of all: the different methods with which you can harden your IIS installation.
Introduction:
This is a book about how to secure Microsoft Internet Information Services for administrators and programmers whose work includes a requirement for information security, a computer industry specialty field commonly referred to as infosec. In this book, the terms information security and infosec are used interchangeably with the more friendly term data security. This is not a book about hacking, cracking, and the tools and techniques of the bad guys, the so-called black hat hackers. This book teaches computer professionals and infosec specialists how to build secure solutions using IIS. It is your duty to secure and defend networked information systems for the benefit of the good people who are your end users, clients, or less technical coworkers.