Ensure global .NET trust level is configured – Default
Details This only applies to .Net 2.0. Future versions have stopped supporting this feature. An application’s trust level determines the...
- Home
- Security Hardening
- CIS IIS 8.0 V1.5.0 L1
CIS IIS 8.0 V1.5.0 L1
Ensure Handler is not granted Write and Script/Execute – Applications
Details Handler mappings can be configured to give permissions to Read, Write, Script, or Execute depending on what the use...Ensure Handler is not granted Write and Script/Execute – Default
Details Handler mappings can be configured to give permissions to Read, Write, Script, or Execute depending on what the use...Ensure ‘host headers’ are on all sites
Details Host headers provide the ability to host multiple websites on the same IP address and port. It is recommended...Ensure ‘HTTP Trace Method’ is disabled – Applications
Details The HTTP TRACE method returns the contents of client HTTP requests in the entity-body of the TRACE response. Attackers...Ensure ‘HTTP Trace Method’ is disabled – Default
Details The HTTP TRACE method returns the contents of client HTTP requests in the entity-body of the TRACE response. Attackers...Ensure IIS HTTP detailed errors are hidden from displaying remotely – Applications
Details A Web site’s error pages are often set to show detailed error information for troubleshooting purposes during testing or...Ensure IIS HTTP detailed errors are hidden from displaying remotely – Default
Details A Web site’s error pages are often set to show detailed error information for troubleshooting purposes during testing or...Ensure ‘MachineKey validation method – .Net 4.5’ is configured
Details The machineKey element of the ASP.NET web.config specifies the algorithm and keys that ASP.NET will use for encryption. The...Ensure ‘MachineKey validation method – .Net 4.5’ is configured – Applications
Details The machineKey element of the ASP.NET web.config specifies the algorithm and keys that ASP.NET will use for encryption. The...