Configure MachineKey Validation Method – .Net 3.5 – Applications
Details The machineKey element of the ASP.NET web.config specifies the algorithm and keys that ASP.NET will use for encryption. The...
- Home
- Security Hardening
- CIS IIS 8.0 V1.5.0 L1
CIS IIS 8.0 V1.5.0 L1
Configure MachineKey Validation Method – .Net 3.5 – Default
Details The machineKey element of the ASP.NET web.config specifies the algorithm and keys that ASP.NET will use for encryption. The...Ensure Access to Sensitive Site Features Is Restricted To Authenticated Principals Only – Applications
Details IIS supports both challenge-based and login redirection-based authentication methods. Challenge-based authentication methods, such as Integrated Windows Authentication, require a...Ensure Access to Sensitive Site Features Is Restricted To Authenticated Principals Only – Default
Details IIS supports both challenge-based and login redirection-based authentication methods. Challenge-based authentication methods, such as Integrated Windows Authentication, require a...Ensure Advanced IIS logging is enabled
Details IIS Advanced Logging is a module which provides flexibility in logging requests and client data. It provides controls that...Ensure ‘application pool identity’ is configured for all application pools
Details Application Pool Identities are the actual users/authorities that will run the worker process – w3wp.exe. Assigning the correct user...Ensure ‘application pool identity’ is configured for anonymous user identity
Details To achieve isolation in IIS, application pools can be run as separate identities. IIS can be configured to automatically...Ensure ‘cookie protection mode’ is configured for forms authentication – Applications
Details The cookie protection mode defines the protection Forms Authentication cookies will be given within a configured application. The four...Ensure ‘cookie protection mode’ is configured for forms authentication – Default
Details The cookie protection mode defines the protection Forms Authentication cookies will be given within a configured application. The four...Ensure ‘cookie protection mode’ is configured for forms authentication – Not Enabled
Details The cookie protection mode defines the protection Forms Authentication cookies will be given within a configured application. The four...