Securing IIS Websites

By Jeremy Morgan
In this course, you'll learn how to lock down your IIS server. You'll discover various methods of attack, how they work and how to prevent them. You'll learn how to monitor your server to prevent future attacks.
Play course overview
Course info
Level
Intermediate
Updated
Nov 6, 2019
Duration
2h 41m
Table of contents
Course Overview
Course Overview 1m
Securing Windows Systems
Introduction 1m Reducing Your Attack Surface 3m Updating Windows 5m Understanding Windows Firewall 2m Configuring Windows Firewall 5m Disabling Windows Services 3m Removing Windows Features 3m Securing Windows Accounts 6m Conclusion 1m
Reducing IIS Vulnerabilities
Introduction 1m IIS Attack Surface 3m Reducing Exposed Information 5m IIS Vulnerabilities 6m Removing Unneeded IIS Modules 4m Locking Down Error Pages 4m IP Address Restrictions 6m HTTP Request Filtering 8m Summary 1m
Leveraging SSL and TLS on Your IIS Server
Introduction 1m SSL Basics 5m Cipher Suites 4m Disabling TLS/SSL 3m Installing SSL Certificates 5m HTTP/2 and HTTP/3 5m Conclusion 1m
Familiarizing Yourself with Exploits
Introduction 0m Buffer Overflow 4m CRLF Injection 3m Phishing 1m Cross Site Scripting 2m SQL Injection 4m Man in the Middle (MITM) Attacks 2m Brute Force / Dictionary Attacks 2m Summary 1m
Securing Your Applications
Introduction 1m Managing Accounts 7m Cross-Origin Resource Sharing (CORS) 4m Securing Application Pools 4m File and Folder Security 4m Handling Mappings 5m Authentication Methods 6m Summary 0m
Monitoring Your Server
Introduction 1m Reviewing Access Logs 5m Event Tracing For Windows 3m Windows Event Viewer 2m Using Log Parser 5m Health and Diagnostics 4m Creating a Security Monitoring Plan 4m Summary 1m
Description
Course info
Level
Intermediate
Updated
Nov 6, 2019
Duration
2h 41m
Description

In this course, Securing IIS Websites, you'll gain the ability to secure your IIS Webservers and prevent attacks. First, you'll explore how to reduce your attack surface to avoid attracting attackers to your site. Next, you'll discover how to lock down IIS to prevent attacks from being successful. Finally, you'll learn how to monitor your server to identify or prevent attacks from happening. When you’re finished with this course, you’ll have the skills and knowledge of IIS Security needed to keep your websites safe.

About the author
Jeremy Morgan
About the author

Jeremy Morgan is a consultant, tech blogger, and speaker. He likes to stay immersed with the latest in .NET Development and DevOps during the day and working on Linux machines and microcontrollers at night.

More from the author
Creating and Configuring New Websites in IIS
Intermediate
1h 36m
Feb 19, 2019
Installing and Configuring IIS Servers
Intermediate
1h 42m
Aug 17, 2018
More courses by Jeremy Morgan
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone. My name is Jeremy Morgan, and welcome to my course, Securing IIS Websites. IIS is used by millions of websites all over the world, and securing these websites is top priority because attacks are increasing by the day. In this course, we are going to learn how to secure your IIS servers against attacks from the internet. Some of the major topics that we'll cover include reducing your IIS attack surface, HTTP request filtering, SSL and TLS basics, protecting yourself against exploits, and monitoring IIS web servers to look for attacks. By the end of this course, you'll know how to secure your IIS server and feel confident about the safety of your data. Before beginning this course, you should be somewhat familiar with IIS administration and Windows administration. I hope you'll join me on this journey to learn IIS security with the Securing IIS Websites course, at Pluralsight.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT