Insider's guide to IIS Web server security

In this primer, learn about IIS Web server hardening procedures, access control, security policies, and backup and recovery strategies.

Nowadays, Web sites are a key asset to organizations of all sizes, providing information and services to clients, suppliers and employees. Unfortunately, they also open new threats to the enterprise network. In this primer, Michael Cobb, managing director of security consultancy Cobweb Applications Ltd., and author of IIS Security, lays down the groundwork for locking down a Web server before it goes live.

The primer begins with a look a Web server hardening procedures, followed by access control and security policies. He also explains how to secure other network services such as SMTP and FTP, and the best way to prepare recovery plans and backup procedures.

Readers will come away with a checklist to ensure any IIS Web server is secure and ready to handle the online world.


  1. Download the primer: Insider's guide to IIS Web server security (.pdf).
  2. Download the accompanying audio track: Insider's guide to IIS Web server security
This was last published in October 2007

Dig Deeper on Web Server Threats and Countermeasures

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.