Platform Security Checklist
There are several ways to enhance the security of a computer publishing information on an intranet or the Internet. If you have concerns about the security of your system, review this checklist to determine if aspects of your security could be improved.
.gif "Ee825139.note(en-US,CS.10).gif")
Note
- For highly sensitive information, you should seek the assistance of a professional security consulting firm. A consulting firm can help you establish proper security policies and procedures.
Windows Security
Internet Information Services Security
Physical Security
Personnel Security
Windows Security
The security features in Commerce Server are built upon those in Windows. The following settings in Windows will help make your Web site secure.
File System
| Action | Reason | |
| ? | Use NTFS | The NTFS system is more secure than the FAT system. For information about converting your computer's hard disk from FAT to NTFS, see the Windows documentation. |
| ? | Review directory permissions | By default, Windows creates new folders and assigns Full Control permissions to the Everyone group. |
| ? | Set access control for the IUSR_computername account | This will help limit the access anonymous users have to your computer. |
| ? | Store executable files in a separate directory | This makes it easier to assign access permissions and auditing. |
| ? | Check NTFS permissions on network drives | By default, Windows creates new shared resources and assigns Full Control permissions to the Everyone group. |
User Accounts
| Action | Reason | |
| ? | Review user accounts often | Check for new accounts that were not created by a valid administrator. Review the rights given to the IUSR_computername account. All users gaining anonymous access to your site have the rights assigned to this account. You can also use auditing to monitor when and by whom security policies are changed. |
| ? | Choose difficult passwords | Passwords are more difficult to guess if they consist of a combination of lowercase and uppercase letters, numbers, and special characters. |
| ? | Maintain strict account policies | Keep track of what types of access are given to important user accounts and groups. This includes knowing who has the ability to change security policies. |
| ? | Limit the membership of the Administrators group | This group typically has full access to the computer. |
| ? | Assign a password to the Administrator account | By default the password used for the Administrator's account is blank. To improve security, set a difficult password for this account, as discussed earlier. |
Services and Other Issues
| Action | Reason | |
| ? | Run minimal services | Run only the services that are absolutely neccessary for your purposes. Each additional service that you run presents an entry point for malicious attacks. For more information about services and security, see the Microsoft Windows 2000 Server Resource Kit. |
| ? | Do not use PDC as a server | The primary domain controller (PDC) is constantly processing authentication requests. Running a Web service on the PDC will decrease performance. It could also expose your PDC to attacks that could render your entire network non-secure. |
| ? | Enable auditing | Auditing is a very valuable tool for tracking access to secure or critical files. Auditing can also be used for tracking server events, such as a change in your security policy. Audit logs can be archived for later use. |
| ? | Use encryption if administering your computer remotely | Typically, remote administration involves the exchange of sensitive information, such as the password for the Administrator's account. To protect this information over open networks, use Secured Sockets Layer (SSL) encryption. |
| ? | Use a low–level account to browse the Internet | Using the Administrator, Power User, or another highly-privileged account to browse the Internet can potentially open entry points on your computer for attacks. Likewise, never browse the Internet from the primary domain controller (PDC). |
| ? | Back up vital files and the registry often | No security effort can guarantee data safety. For more information, see the Microsoft Windows 2000 Server Resource Kit. |
| ? | Run virus checks regularly | Any computer on an open network is susceptible to computer viruses. Regular checkups can help avoid unnecessary data loss. |
| ? | Unbind unnecessary services from your Internet adapter cards | Warning Be sure to check with your system administrator before unbinding services, because this could have undesirable effects on other users of your system. |
Internet Information Services Security
IIS provides frontline security for your Web site, including authentication and Web permissions.
Authentication
| Action | Reason | |
| ? | Use most secure form of authentication possible | Use the most secure form of authentication that your clients support. For example, integrated Windows authentication and Digest authentication are more secure than Basic authentication. Client certificates can also be used for highly secure authentication. |
| ? | One-to-one mapping versus many-to-one mapping | You can use either or both of these methods to map client certificates to Windows user accounts. One-to-one mapping offers a higher level of certainty, but requires a copy of the client certificate to be stored on the server. Many-to-one mapping is easier to implement and does not require a copy of the certificate to be stored on the server. |
Web Permissions
| Action | Reason | |
| ? | Synchronize Web and NTFS permissions | If Web permissions and NTFS permissions are not synchronized, the more restrictive of the two is used. Synchronization can be done manually, or by using the Permissions Wizard. |
| ? | Use IP address restriction if administering IIS remotely | For more information, see "Granting and Denying Access to Computers" in the IIS Documentation. |
| ? | Use the most restrictive permission possible | For example, if your Web site is used only for viewing information, assign only Read permissions. If a directory or site contains ASP applications, assign Scripts Only permissions instead of Scripts and Executables permissions. For more information, see "Setting Web Server Permissions" in the IIS Documentation. |
| ? | Write and Scripts and Executable permissions | Use this combination with extreme caution. It can allow someone to upload potentially dangerous executable files to your server and run them. For more information, see "Setting Web Server Permissions" in the IIS Documentation. |
Physical Security
| Action | Reason | |
| ? | Lock the workstation when away | When you are not at the computer, lock the desktop by pressing the shortcut keys CTRL + ALT + DELETE, and selecting Lock Workstation. |
| ? | Use a password-protected screen saver | The time delay should be short so that no one can use the computer after you leave. The screen saver should be blank; animated screen savers can decrease server performance. |
| ? | Lock up the computer | Keep the computer locked in a secure room in order to reduce the chance of access by malicious individuals. |
Personnel Security
| Action | Reason | |
| ? | Use different Administrator accounts | Each individual who has administrative privileges should be given a distinct user account and password. This will make it easier to track any changes that are made. |
| ? | Use non-disclosure agreements | Further accountability can be enforced by using non-disclosure agreements. |
| ? | Periodically reassign accounts | To lower the risk of user account information being compromised, assign new user accounts to personnel with Administrator or other high-level privileges. |
| ? | Quickly delete unused accounts | This will lower the risk of a disgruntled former employee or vendor gaining access to your network. |