This appendix lists some recommendations and best practices to secure a server on the Web running Microsoft Windows 2000 and Internet Information Services (IIS) 5. The settings err on the side of security over functionality, and hence it's important that you carefully review the suggestions below and use them to derive your own corporate settings.
Those of you familiar with the Internet Information Server 4 checklist will notice that this list is much shorter than that checklist. This is due to two reasons:
The rest of this chapter is broken into the following parts: