1.5 IIS Lockdown (not scored)

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The IIS Lockdown tool reduces the attack surface of IIS-dependent Microsoft products by disabling unnecessary features, such as FTP, SMTP, and NNTP. NOTE: The IIS Lockdown automates many of the hardening steps listed in this document. The default settings for IIS 6.0 should not require hardening. NOTE: Nessus did not perform this check as it requires manual verification the system has been hardened by the IIS Lockdown tool.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Make sure 'IIS Lockdown' is installed.

See Also

https://workbench.cisecurity.org/files/657