Reputation: 855
How can I protect against inbound malicious website threats on port 80 and 443?
We have a web app that lives on port 80 and 443 on a windows server with IIS.
Everything else is locked down. Physical Firewall with VPN.
What is the name given to attacks that come through the web ports like this?
Are these types of malicious software payloads able to execute on the server if you have no protection?
How can we protect from attacks through IIS on port 80 and 443 of the type below?
(Here we've used malwarebytes but I'd like something with central reporting for several servers if possible)
They look like the sort of malicious software you would be warned about if you clicked a bad link, but in this case they are inbound without you clicking on anything.
Upvotes: 1
Views: 958
Answers (1)
Reputation: 5205
As far as I know, there are many ways to secure iis web server through configuration, for example:
1.Use end-to-end encryption
- If you have reverse proxy and/or load balancer in front of your web servers, prefer to use SSL-bridging instead of SSL-offloading
- Disable older SSL/TLS versions than TLS 1.2
- Disable weak cypher suits
- SSL/TLS and cypher suit settings are server-wide settings, and IIS supports whatever the OS supports. However, for .NET applications check the below article:
Transport Layer Security (TLS) best practices with the .NET Framework:
https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls
2.Configure "Request Filtering":
"Allow unlisted file name extensions": Uncheck (allow only the extensions you will use; add "." to allow extensionless requests)
"Allow unlisted verbs": Uncheck (allow only the verbs you will use)
Lower "request limits" if possible
Request Filtering
https://learn.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/
3.Remove HTTP headers which identifies the server and application. These headers are believed to cause security vulnerability:
- removeServerHeader
- Remove Unwanted HTTP Response Headers
For more ways you can refer to this link: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/iis-best-practices/ba-p/1241577
Upvotes: 1
Related Questions
- State-of-the-art protection against anti-virus in web applications
- How to disable port 80 on IIS while keeping port 443 open?
- Ban IP Address From Constantly Hitting My C# / Azure Website?
- Tracking down hacking/malware attempts
- Recommendations for securing Internet-facing IIS Host?
- IIS7 - Question about blocking all IP addresses from accesing my site
- Protecting websites from the attack of malicious scripts and viruses
- How to deal with malicious web requests
- web page is trying to open a site on your intranet
- IIS Module for Blocking Heavy Site Traffic