MicroSoft IIS on NT and Windows 2000 has become a fixture in business critical Internet web server applications. This hardening exercise is customized to specifically address IIS security issues along with those of the underlying Windows OS platform.
The IIS hardening applies to patches, fixes, registry modifications and removal of unused services in order to reduce the risk associated with today's highly prevalent Web exploits.
Hardening of the underlying OS platform is identical to that addressed in our "Hardening NT4.0 and Windows 2000 Servers" offering. An IIS Server Hardening Assignment, including documentation, is typically 3 person-days in duration. Some economies can be had in multiple server projects; all Hardening assignments need to be analyzed prior to the generation of a cost estimate.
