Ensure ‘MachineKey validation method – .Net 4.5’ is configured – Default
Details The machineKey element of the ASP.NET web.config specifies the algorithm and keys that ASP.NET will use for encryption. The...
- Home
- Security Hardening
- CIS IIS 8.0 V1.5.0 L1
CIS IIS 8.0 V1.5.0 L1
Ensure ‘notListedCgisAllowed’ is set to false
Details The notListedCgisAllowed attribute is a server-level setting that is located in the ApplicationHost.config file in the element of the...Ensure ‘notListedIsapisAllowed’ is set to false
Details The notListedIsapisAllowed attribute is a server-level setting that is located in the ApplicationHost.config file in the element of the...Ensure ‘passwordFormat’ is not set to clear
Details Basic Authentication can pass credentials across the network in clear text. It is therefore imperative that the traffic between...Ensure ‘passwordFormat’ is not set to clear – Applications
Details The element of the element allows optional definitions of name and password for IIS Manager User accounts within the...Ensure ‘passwordFormat’ is not set to clear – Default
Details The element of the element allows optional definitions of name and password for IIS Manager User accounts within the...Ensure transport layer security for ‘basic authentication’ is configured
Details Basic Authentication can pass credentials across the network in clear text. It is therefore imperative that the traffic between...Ensure ‘unique application pools’ is set for sites
Details IIS introduced a new security feature called Application Pool Identities that allows Application Pools to be run under unique...Ensure Unlisted File Extensions are not allowed – Applications
Details The FileExtensions Request Filter allows administrators to define specific extensions their web server(s) will allow and disallow. The property...Ensure Unlisted File Extensions are not allowed – Default
Details The FileExtensions Request Filter allows administrators to define specific extensions their web server(s) will allow and disallow. The property...