Improving Web Application Security: Threats and Countermeasures

Dos and Don'ts

• Do use a dedicated machine as a Web server.

• Do physically protect the Web server machine in a secure machine room.

• Do configure a separate anonymous user account for each application, if you host multiple Web applications,

• Do not install the IIS server on a domain controller.

• Do not connect an IIS Server to the Internet until it is fully hardened .

• Do not allow anyone to locally log on to the machine except for the administrator.