The first security policy I always implement for a web site is to keep the webroot clean. You cannot keep a secure site that is filled with clutter. Clutter includes anything that you do not explicitly use for your website. The problem is that clutter keeps gathering in our webroots. In fact, even a fresh IIS install contains quite a bit of junk you don't need.
If you have the luxury of starting from a fresh IIS install, that is always the best. As time goes on it is easy to accumulate so much clutter in your web that it is hard to know what should stay and what should go. This document will be based on cleaning a default freshly installed IIS website so if you are working on an existing site you will have to consider some of these suggestions carefully before actually implementing them.
Read Entire Paper
E-Mail Link
Your IP address will be sent with this e-mail
