![install spiceworks to iis install spiceworks to iis](https://i.ytimg.com/vi/pPcWwBcL4Bo/sddefault.jpg)
Ensure 'maxAllowedContentLength' is configuredĤ.2. Request Filtering and other Restriction ModulesĤ.1. Ensure 'cookies' are set with HttpOnly attributeģ.8. Ensure 'httpcookie' mode is configured for session stateģ.7. Ensure ASP.NET stack tracing is not enabledģ.6. Ensure IIS HTTP detailed errors are hidden from displaying remotelyģ.5. Ensure custom error messages are not offģ.4. Ensure 'deployment method retail' is setģ.3. Ensure 'credentials' are not stored in configuration filesģ.1. Ensure 'passwordFormat' is not set to clearĢ.8. Ensure transport layer security for 'basic authentication' is configuredĢ.7. Ensure 'cookie protection mode' is configured for forms authenticationĢ.6. Ensure 'forms authentication' is set to use cookiesĢ.5.
![install spiceworks to iis install spiceworks to iis](https://content.spiceworksstatic.com/service.community/p/how_to_step_attachments/0000082515/542c7c1c/attached_file/IISAddsite.png)
Ensure 'forms authentication' requires SSLĢ.4. Ensure access to sensitive site features is restricted to authenticated principals onlyĢ.3. Ensure 'global authorization rule' is set to restrict accessĢ.2. Configure Authentication and AuthorizationĢ.1. Ensure 'application pool identity' is configured for anonymous user identityĢ. Ensure 'unique application pools' is set for sitesġ.6. Ensure 'Application pool identity' is configured for all application poolsġ.5. Ensure 'directory browsing' is set to disabledġ.4. Ensure 'host headers' are on all sitesġ.3. Ensure web content is on non-system partitionġ.2. Table 1.1: High Level Center for Internet Security IIS 10 Security Controlsġ.1.
#Install spiceworks to iis how to#
For more detail on how to implement and check each security control, download the CIS IIS 10 benchmark file from the above website. Table 1.1 provides a high level list of the CIS IIS 10 benchmarks.
![install spiceworks to iis install spiceworks to iis](https://content.spiceworksstatic.com/service.community/p/how_to_step_attachments/0000082517/542c7c58/attached_file/IISAddRedirect.png)
The OWASP guide is shorter and provides approximately 23 separate security recommendations.
#Install spiceworks to iis pdf#
The CIS IIS 10 benchmark is more fleshed out at the time of writing and is an approximately 140 page PDF with 55 separate security recommendations.