Here are some quick tips on how to harden a Microsoft IIS web server for production use:
1. Enable SSL
When possible, configure your web server and sites to utilize an SSL certificate. SSL will protect client-server communication. Instructions on how to configure SSL in IIS can be found at: http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis
2. Disable Weak SSL and TLS Ciphers
Paste the following registry configuration into a text file:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128]
"Enabled"=dword:00000000 Continue reading "Hardening a Microsoft IIS Web Server"