IIS Security Tips

by Hal Flynn
Sept. 19, 2017 0 comments Symantec

Know your web site -- Know you web site in and out. Know the function of every file. Know the ACL' of every file. Delete, rename, or quarantine every file you don't know. Know all the virtual roots and where they physically reside. Frequently open MMC and frequently produce directory listings. Frequently list the most recently changed files in your web root. Keep copies of your site offline on read-only media for base reference.

https://www.symantec.com/connect/articles/iis-security-tips