Summary
IIS 7.0, much like its predecessor, comes with secure defaults that minimize the risk of exploits against the Web server. As you deploy your applications to the Web server and change configuration, you should familiarize yourself with the configuration and features to make sure that you do not introduce any threats to the Web server. In this chapter, you have reviewed the security changes and new security features in IIS 7.0 that can help you maintain the security of the Web server.
Unfortunately, history has shown that most Web server exploits are directed at the application running on the Web server rather than at the Web server itself. Applications are often tested less rigorously then the Web server features and are often designed with less understanding of the threat vectors that exist for Web-facing applications. Because of this, it is important to perform rigorous threat modeling and security testing at the application layer to minimize application vulnerabilities.
In addition, it is important to take an approach to security that does not depend on specific application threat vectors. IIS 7.0 makes it possible to apply such an approach, by reducing the surface area of the Web server and running the application components with least privilege possible. Together, these two techniques can both minimize the risk of any known or future exploit and reduce the damage if such an exploit does occur. By using the best practices in this chapter, you can successfully apply these techniques to your application to minimize the risk of a security compromise of your Web server.
Finally, be aware that a Web server does not function in a vacuum. It depends on a variety of Windows subsystems for its security and relies on the security of the network and other services around it. Be sure to consider the security of the network overall and related services when designing a secure Web farm.
© Microsoft. All Rights Reserved.