- Server Roles: IIS, FTP
- IIS
- ⦁ Configuration is accessed under the IIS Manager (assuming IIS is installed)
- ⦁ Accessible from Server Manager, with the Role of Web Services
- Install/Modules
- ⦁ IIS has over 40 modules, so this is tricky because the modules may be needed.
- ⦁ That said, check against the README and Google to see whether any are “unnecessary” or unwanted
- Request Filtering
- ⦁ Ensure that request filtering rules are enabled (with the default settings)
- Authentication
- ⦁ Basic, Windows Authentication, Forms Authentication, Anonymous
- ⦁ If you use Windows authentication, turn on extended protection.
- ⦁ If Basic Authentication is enabled, ensure the system is using SSL certs
- ⦁ It is generally not advisable to allow Anonymous authentication along with another authentication type for the same website
- ⦁ Disable anonymous access to server directories and resources.
- ⦁ Do not allow anonymous writes to the server.
- FTP
- ⦁ Configuration is accessed under the IIS Manager (assuming IIS is installed)
- ⦁ Accessible from Server Manager, with the Role of Web Services
- ⦁ Network Protocol = SSL
- ⦁ Account running the service
- ⦁ Users granted access
- ⦁ Permissions to directory
- ⦁ CyberPatriot will want you to disable anonymous access unless it is explicitly mentioned
- File Server
- Configuration is accessed under Server Manager (assuming it is installed)
- You can also get a quick look with the "net share" command from the CMD prompt
- ⦁ Share permissions / Users granted access
- ⦁ Permissions to directory
- FileZilla
- FileZilla is an alternate, standalone FTP server that runs using a service called “FileZilla Server FTP Service”
- ⦁ Make sure the account that FileZilla server is running under is a standard user, not an Administrator or “LocalSystem”
- ⦁ Windows Key + R -> "lusrmgr.msc" and hit «ENTER»; "Local Users and Groups" MMC Console appears
- ⦁ Create a local Windows User called ‘filezilla’
- ⦁ Then change the properties for the FileZilla service
- ⦁ Windows Key + R -> "services.msc" and hit «ENTER»; "Services" MMC Console appears
- ⦁ Locate the "FileZilla Server FTP server" service and double click; the properties dialog appears
- ⦁ Click "Stop" to stop the service if it is running
- ⦁ Switch to the "Log On" tab and set the following:
- ⦁ Username: filezilla
- ⦁ Password: LCt1gers
- If you change the account that FileZilla is running under, you must also set the permissions on the folders that FileZilla is using (and on any SSL certs that are being used) or the install will break
- ⦁ With Windows Explorer navigate to "FileZilla Server" installation directory
- ⦁ Typically in Program Files or C:\
- ⦁ Locate the "FileZilla Server.xml" file; the service requires write permission to this file
- ⦁ Right click -> Properties
- ⦁ If you have "Simple File Sharing" enabled (no "Security" tab in file properties)
- ⦁ Click "Tools" in Explorer menu, select "Folder options"; "Folder Options" dialog appears
- ⦁ Select "View" tab
- ⦁ Uncheck "Use simple file sharing (Recommended)"
- ⦁ Click OK
- ⦁ Right click "FileZilla Server.xml" select "Properties"; "Properties" dialog appears
- ⦁ Select "Security" tab, click "Add" button; "Select User or Group" dialog appears
- ⦁ Type "filezilla" into "Enter object names to select" textbox
- ⦁ Click "OK"; "filezilla" user is added to permissions list
- ⦁ Select "filezilla" user and check "Write" in "Allow" column
- ⦁ Click "OK"; permissions are now saved
- ⦁ If you use logging, set "Write" access to "Logs" folder too
- ⦁ If you upload to some folders, set "Full Control" on each topmost writable folder you want to use; the changes are propagated to children
- ⦁ If you use SSL, double check that both the SSL certificate file and the private key file are readable by the "filezilla" account, so the SSL connection does not break
- FileZilla maintains a set of users separate from that of Windows; these need to be managed as well.
- ⦁ FileZilla Server Manager -> Connect to Server -> Edit -> Users
- ⦁ Remove the “Anonymous” user if present and not necessary for the image
- ⦁ Remove any other unauthorized users per readme.
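
The service-account and permission steps above, as an added PowerShell example (not part of the original paste): it reports which account the FileZilla service runs as and whether the "filezilla" account has Write on "FileZilla Server.xml" and the "Logs" folder, and grants it only when run with `-Fix`. The install path is an assumed placeholder, and `Get-LocalGroupMember` needs Windows PowerShell 5.1 or later.

```powershell
# Added example: audit the FileZilla Server service account and file ACLs.
# The display name and the 'filezilla' account come from the checklist;
# $InstallDir is an assumed placeholder - point it at the real install directory.
param(
    [string]$InstallDir = 'C:\Program Files\FileZilla Server',
    [string]$SvcAccount = 'filezilla',
    [switch]$Fix        # without -Fix the script only reports
)

$svc = Get-CimInstance Win32_Service |
       Where-Object DisplayName -like 'FileZilla Server*' | Select-Object -First 1
if (-not $svc) { Write-Warning 'FileZilla Server service not found'; return }

# 1. Which account does the service run as? (StartName is e.g. LocalSystem or .\filezilla)
$runAs = $svc.StartName
"Service '$($svc.Name)' runs as: $runAs"
$short  = ($runAs -split '\\')[-1]
$admins = Get-LocalGroupMember -Group 'Administrators' |
          ForEach-Object { ($_.Name -split '\\')[-1] }
if ($runAs -eq 'LocalSystem' -or $admins -contains $short) {
    Write-Warning "'$runAs' is privileged; set the service to '$SvcAccount' on the Log On tab"
}

# 2. Does the account hold an explicit Allow/Write entry on the files the service writes?
#    Only entries naming the account itself are checked, not rights it gets through groups.
$write   = [System.Security.AccessControl.FileSystemRights]::Write
$targets = @(
    @{ Path = Join-Path $InstallDir 'FileZilla Server.xml'; Grant = 'W' }
    @{ Path = Join-Path $InstallDir 'Logs';                 Grant = '(OI)(CI)W' }
)
foreach ($t in $targets) {
    if (-not (Test-Path $t.Path)) { "skip (not present): $($t.Path)"; continue }
    $rules = (Get-Acl $t.Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.IdentityReference.Value -split '\\')[-1] -eq $SvcAccount -and
        ($_.FileSystemRights -band $write) -eq $write
    }
    if ($rules)   { "ok: $SvcAccount can write $($t.Path)" }
    elseif ($Fix) { icacls $t.Path /grant "${SvcAccount}:$($t.Grant)" }
    else          { Write-Warning "$SvcAccount lacks Write on $($t.Path) (re-run with -Fix)" }
}
```

Run it from an elevated prompt; the SSL certificate and key files mentioned in the checklist are not covered because their location depends on the installation.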