TANDBERG TELEPRESENCE MANAGEMENT SUITE SECURE SERVER - CONFIGURATION GUIDE 13.0 Configuration Manual - Securing IIS
Cisco TMS Secure Server Configuration Guide 13.0
Securing IIS
The IIS configuration installed by Windows 2003 SP2 is preconfigured to run as a secure server,
disabling many services that were enabled in Windows 2000. Older tools such as URLScan and the
IISLockdown tool should not be used with IIS 6. The following sections provide additional steps to
further secure the server installation.
Enable logging on the website
Logging should be enabled by default on the website.
1. To open the IIS Manager, go to Windows Start > Administrative Tools > Internet Information Services (IIS) Manager.
2. Expand the ‘Web Sites’ folder.
3. Right-click the ‘Default Web Site’ and select Properties.
4. Make sure Enable Logging is checked.
The log files must not overrun the System Partition. Configure the log files to be saved to a directory on
the second partition. Make sure only Administrators and SYSTEM have full control on the log directory.
Delete the default installed examples
Delete the following directories and their contents from the file system of your Cisco TMS server:
\InetPub\AdminScripts
\WINDOWS\System32\Inetsrv\iisadmpwd
\WINDOWS\web\printers
Delete all files under \InetPub\wwwroot but do not delete the directory.
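The following audit script is an added example, not part of the Cisco TMS guide. It checks the log directory permissions and the deletions described above, assuming Windows PowerShell is installed on the server; the default $LogDir value is a constructed placeholder for the log directory you configured on the second partition.

```powershell
# Added audit example, not part of the Cisco TMS guide.
# Assumption: $LogDir is a placeholder for the log directory you configured.
param(
    [string]$LogDir = 'D:\IISLogs',            # constructed sample path
    [string]$SystemDrive = $env:SystemDrive
)
$findings = @()

# Directories the guide says to delete must no longer exist.
$mustBeGone = '\InetPub\AdminScripts',
              '\WINDOWS\System32\Inetsrv\iisadmpwd',
              '\WINDOWS\web\printers'
foreach ($rel in $mustBeGone) {
    $path = Join-Path $SystemDrive $rel
    if (Test-Path $path) { $findings += "Still present: $path" }
}

# wwwroot itself must remain, but contain no files.
$wwwroot = Join-Path $SystemDrive '\InetPub\wwwroot'
if (-not (Test-Path $wwwroot)) {
    $findings += "Directory missing (guide says keep it): $wwwroot"
} else {
    $files = @(Get-ChildItem $wwwroot -Recurse -Force | Where-Object { -not $_.PSIsContainer })
    if ($files.Count -gt 0) { $findings += "$($files.Count) file(s) left under $wwwroot" }
}

# Only Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18) may hold full control
# on the log directory. SIDs are compared so localized account names do not matter.
$allowedSids = 'S-1-5-32-544', 'S-1-5-18'
$fullControl = [int][System.Security.AccessControl.FileSystemRights]::FullControl
$genericAll  = 0x10000000    # GENERIC_ALL as it appears on inherit-only ACEs
if (-not (Test-Path $LogDir)) {
    $findings += "Log directory not found: $LogDir"
} else {
    foreach ($ace in (Get-Acl $LogDir).Access) {
        $rights = [int]$ace.FileSystemRights
        $isFull = (($rights -band $fullControl) -eq $fullControl) -or (($rights -band $genericAll) -ne 0)
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        if ("$($ace.AccessControlType)" -eq 'Allow' -and $isFull -and ($allowedSids -notcontains $sid)) {
            $findings += "Full control on $LogDir granted to $($ace.IdentityReference.Value)"
        }
    }
}

if ($findings.Count -eq 0) { 'PASS: IIS hardening checks succeeded' } else {
    $findings | ForEach-Object { "FAIL: $_" }; exit 1
}
```

Run it as an administrator; a non-zero exit code means at least one check failed.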
Disable unneeded web extensions
1. Go to Windows Start > Control Panel > Administrative Tools > Internet Information Services Manager.
2. Expand the ‘Web Sites’ folder.
3. Right-click the ‘Default Web Site’.
4. Select ‘Properties’.
5. Under Virtual Directory, click the Configuration button and make sure only the Web Extensions listed below are enabled.
Table 10 Extensions to leave enabled
Extension              Enabled
Active Server Pages    Yes
ASP.NET v1.x           Yes
ASP.NET v2.x           Yes
Steps to repeat after Cisco TMS installs and upgrades
Because Cisco TMS reinstalls the full Cisco TMS website on upgrades, the following sections should
be checked and reapplied.
Set proper authentication methods
By default Cisco TMS is installed with both Basic and Integrated Windows authentication. This allows
the best compatibility with browsers, but risks exposing passwords on unprotected networks. The