cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
220
Views
20
Helpful
4
Replies

ECE Chat Website IIS Best Practices

Muhammed Ashiq
Beginner
Beginner

Hi,

 

We are using ECE 12.0 (ES5) for chat and email.

Is there any documents available for Securing the Chat Web Servers in IIS level.

Your valuable input is highly appreciated.

4 Replies 4

bill.king1
VIP Advocate VIP Advocate
VIP Advocate

Muhammed Ashiq
Beginner
Beginner

Thanks Bill.

I found below also up on searching,

 

  1. Ensuring that directory browsing is disabled may reduce the probability of disclosing sensitive content
    that is inadvertently accessible via IIS."
    To ensure that Directory Browsing is set do the following:
    %systemroot%\system32\inetsrv\appcmd set config /section:directoryBrowse /enabled:false
  2. USE ONLY STRONG ENCRYPTION PROTOCOLS:
    Set as follows:
    SSL 3.0 Enabled: We have SSL disabled as part of the POODLE patch
    SSL 2.0 Disabled
    TLS 1.0 Enabled
    TLS 1.1 Enabled
    TLS 1.2 Enabled
    PCT 1.0 Disabled
  3. DISABLE WEAK CIPHER SUITES
  4. REMOVE MICROSOFT IIS START PAGE
  5. Remove ASP.net from IIS header

 

It looks like there's now a Cisco documentation defect to address this as well.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc40486

Thanks Bill. This would be a helpful document once published.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers