Hardening a Microsoft IIS Web Server

Here are some quick tips on how to harden a Microsoft IIS web server for production use:

1. Enable SSL

When possible, configure your web server and sites to utilize an SSL certificate. SSL will protect client-server communication. Instructions on how to configure SSL in IIS can be found at: http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis

2. Disable Weak SSL and TLS Ciphers

Paste the following registry configuration into a text file:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128]
"Enabled"=dword:00000000