I'm deploying a simple ASP.NET application on IIS 7.5 and I'd like to know what changes I should make or configurations I should check to protect my server.
Will the default settings be secure enough? I'm very much a beginner when it comes to server management so any tips will be very helpful.
1.) make sure you're behind a firewall that blocks all ports except what you need.
2.) Keep your patches up to date.
3.) Remove any services you're not using, including FTP. If you're using FTP, stop, and use something secure like ssh.
Besides that, its pretty secure. Set up your firewall to allow you to access the server remotely only(with SSH or RDP) from set IP addresses.
Only allow port 80 through in your "Windows Firewall with Advanced Security" - Start - Administrative Tools - Windows Firewall with Advanced Security - Add 443 is https.
Windows 2008 R2 (IIS 7.5) are pretty secure out of the box.
If you need to use FTP make sure you have ip restrictions.
The old attack surfaces like webdav / frontpage extensions, etc. are an exploit of the past.