IIS6 had some tools for hardening, against attacks and holes.
Does IIS7 have the same?
If not, are there some standard thingst that should be done to protect it?
IIS6 had some tools for hardening, against attacks and holes.
Does IIS7 have the same?
If not, are there some standard thingst that should be done to protect it?
IIS 7 is much more secure out of the box, operating off of an "opt-in" model for features rather than opt-out as with previous versions. In order to read up on hardening IIS 7 however, you will want to download the Windows Server 2008 Security Guide (the actual file you want is Security Compliance Management Toolkit _ Windows Server 2008.zip). Chapter 6 covers Hardening Web Services (aka IIS 7).
You can also look at the Security Configuration Wizard found under the administrative tools within Windows Server 2008, although much of it won't do you a lot of good without a greater understanding of the potential holes, the wizard will still walk you through closing down certain ports and shutting down miscellaneous running services.