Checklist: How to Hardening IIS Servers

Web  site and application code is becoming progressively more intricate. Dynamic Web sites and applications might contain defective code that leaks memory or causes errors such as access violations. Therefore, a Web server Application must be able to handle active manager of the application and able to handle runtime error and detect send response automatically to application server.

Microsoft includes unique capabilities for server administrators intended to appeal to Internet service providers (ISPs). It includes a single window (or “console”) from which all services and users can be administered. It’s intended to be simple to add components as snap-ins that you didn’t at first install. The administrative windows can be customized for access by individual custom

Use the following checklists given below to ensure that you have correctly implemented all security settings and actions given

Configuring Active Directory IIS Server OU Structure

Create the IIS Servers OU. Create the Incremental IIS Server Policy Link the GPO to the IIS Servers OU Import the security template for the corresponding client environment into the newly created GPO. IIS Server Hardening Steps:

Install and configure Windows Server 2003.

Install and configure IIS services: Install only necessary IIS components. Enable Only Essential Web Service Extensions. Place Content on a Dedicated Disk Volume. Configure NTFS permissions. Configure IIS Web Site permissions. Configure IIS logging.

Apply any required service packs and/or updates.

Install and configure a virus protection solution.

Install and configure MOM agents or similar monitoring solution as required.

Move appropriate server to the corresponding IIS Servers OU.

Secure well-known accounts           Rename the built-in Administrator account, assign a complex password. Ensure      Guest account is disabled. Change default account description.

Secure services accounts.

Consider implementing IPSec Filters.

Verify Incremental IIS Server Policy has replicated between domain controllers.

Run GPUPDATE.EXE /FORCE.

Restart the server.

Check the Event Logs for errors.

A Checklist for Moving Your Site to a New Server

If you have decided to move your website to a new hosting company, there are many different things that will need your attention to ensure a smooth and seamless transition. Here is a handy checklist to help you make this transition even easier.

1. Coordinate your switch. If you have a month-to-month hosting account, try to purchase your new hosting package about a week before your old account will expire. This will save you from paying for two hosting packages in one month, but still give you enough time to get everything done. However, if you need more time, than you may need to have more of an overlap.

2. Back-up all of your data. This is the most important thing to do when you are moving your server. Unless your new host offers a transferring feature, you will need to take care of all of this yourself. You will need to save all of your data to your computer’s hard drive, including any directories that may contain scripts, images, or other important information.

3. Check on your paths. If your new server has a different path to perl or a different way of handling PHP or CGI, you may need to tweak your current scripts to make sure that they function correctly.

You may also need to check your SQL paths to make sure that they are up-to-date. Each host handles SQL creation differently, so it is important to make sure that your script files contain the correct information.

4. Back-up your SQL or other databases. If you are on a Unix platform, you can use phpMyAdmin to easily back up the entire contents of your SQL database. If you are on Windows, you may need to use a different method or contact your current host to make sure that it will be saved.

5. Begin transferring files. Once you have your new IP address, you can begin uploading your site’s back-up to your new server. If you do this right away, there will be less downtime during the switch.

If you have scripts that call certain directories, make sure that you name the new directories on your new server so that they will match. Don’t forget to upload the contents of the directories you have backed-up from your old server.

6. Load your database back-ups on your new server. This will be the reverse of step 4. Most databases offer the ability to easily add your existing data to your new account.

7. Change your nameserver. Once you have all of your data on the new server, you can change you nameserver with your domain name registrar to reflect your site’s new home.

8. Thoroughly check all of the files on your site. Make sure that there are no dead links or scripts that are not functioning correctly.

Although transferring is never easy, with a little work on your part, you can make it through with the least amount of hassle and the least amount of downtime for your visitors.

Switch for Japan Premium Hosting – JPstream Internet
http://www.jpstream.net

Web Hosting Checklist – Never Miss a Thing

Before rushing for a web hosting account, you need to check the following features which are important for any web hosting account. Many people overlook this features and pay the price later. So here are the important features you need to check with your hosting company before paying for it.

Technical Support

Technical support is one of the most important factor you need to consider when a choosing a web host. Test different companies before you sign up by sending them an email with a question or two. If they respond quickly, this is a good sign.

Uptime

The more uptime they guarantee, the better. 99% uptime is the minimum acceptable standard. Look for 99% plus guaranteed uptime. 1% of uptime is about 87 hours in a year.

Disk Space

Decide how much disk space you will require. A basic web site with few images and about 10 to 20 pages will not take up much web space . If you require a lot of graphics or multimedia or you need to store a lot of information, you will need a bit higher disk space. Again you can increase your web space as required with almost all the hosts by paying the extra charges.

Data Transfer

This factor is usually overlooked until the data transfer limit is reached. If you go over your alloted data transfer, you will get a hefty bill. If you are running a site with lots of downloads, or a site with lots of images such at a photo post site, your data transfer will be higher than a site with mainly text. The average website uses less than 200MB of bandwidth per month.

Scripting Languages support

If you using a scripting language to output your html, you need to check whether the plan has support for that script. You will need a windows hosting plan only if you are using microsoft scripting languages like asp and asp.net.

CGI Bin

This is now standard feature with almost all hosting companies. If you do not have access to your own CGI Bin, you cannot install your own cgi scripts and programs.

Perl

If you do not have Perl, you cannot run Perl Programs. Many good scripts that you buy or get for free are written in Perl. In my opinion, it would be a limitation not to have the latest version of Perl installed

SSI

Server Side Includes are great if you want to spend minimal time updating your site. Again this feature is provided by many hosts.

FTP Access

Unlimited and unrestricted FTP access to your site is essential. You will need an FTP program to transfer files from your computer to the server.

Statistics Program

A good stats program is handy if you want to keep an eye on how many visitors you are getting, where they are coming from, referrers, top entry and exit pages and so on. Some companies offer excellent stats programs as standard while others offer basic stats but you have to pay extra for advanced statistics.