Secure and harden Internet Information Services

Module
6 Units

Intermediate

Administrator

Windows Server

This module covers how to implement security best practices for Internet Information Services (IIS) and web applications on Windows Server. It covers configuring authentication, authorization, and other settings that protect the server and websites.

Learning objectives

After completing this module, you'll be able to:

Configure IIS authentication modes
Implement IIS authorization rules to control access to web content
Harden an IIS server by removing unused features, disabling directory browsing, and isolating sites
Configure request filtering to block malicious request patterns before they reach web applications
Install and bind SSL/TLS certificates to configure HTTPS
Enforce TLS 1.2 and TLS 1.3 while disabling deprecated protocols and weak cipher suites

Prerequisites

Basic understanding of Windows Server and its roles and features
Familiarity with web servers and their purpose

Introduction min
Authentication and authorization min
Server and website hardening min
HTTPS and TLS configuration min
Knowledge check min
Summary min

Start