IIS web server

The IIS web server is a required component since it provides all user interface modules. It should therefore be carefully protected.

IIS is more than a web server; it is also an FTP server, indexing server, proxy for database applications and a server for active content and applications. Disable these features as Bravura Security Fabric does not use them.

Always deploy a proper SSL certificate, issued by a real CA, to Bravura Security Fabric servers and disable plaintext HTTP access. Never use a self-signed certificate in a user-facing system, as this may condition users to ignore SSL validity warnings.

Assign the IIS user the right to read from, but not write to, the static HTML, image and JavaScript files used by Bravura Security Fabric.

Assign the IIS user the right to execute CGI programs but not other executables on the Bravura Security Fabric filesystem.

Disable directory browsing – there is no reason why a user connecting to the Bravura Security Fabric web portal should be able to list files in any folder.
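
A read-only audit of four of the points above (directory browsing, plaintext HTTP bindings, self-signed certificates, write access to static files), as an added PowerShell example that is not part of the Bravura Security Fabric documentation. `<site-name>` and `<path-to-static-files>` are placeholders, and `BUILTIN\IIS_IUSRS` is an assumed identity for the IIS user.

```powershell
# Added example: audits settings only, changes nothing.
Import-Module WebAdministration

$SiteName    = '<site-name>'             # placeholder: IIS site hosting the web portal
$StaticRoot  = '<path-to-static-files>'  # placeholder: folder with HTML, image, JavaScript files
$IisIdentity = 'BUILTIN\IIS_IUSRS'       # assumption: identity the site runs as
$findings    = @()

# 1. Directory browsing must be disabled for the site.
$browse = Get-WebConfigurationProperty -PSPath "IIS:\Sites\$SiteName" `
    -Filter 'system.webServer/directoryBrowse' -Name 'enabled'
if ($browse.Value) { $findings += 'Directory browsing is enabled' }

# 2. No plaintext HTTP binding may remain on the site.
if (Get-WebBinding -Name $SiteName -Protocol 'http') {
    $findings += 'Site still has a plaintext HTTP binding'
}

# 3. Every HTTPS binding needs a certificate that is not self-signed.
#    Subject equal to Issuer is used here as the self-signed heuristic.
$httpsBindings = @(Get-WebBinding -Name $SiteName -Protocol 'https')
if ($httpsBindings.Count -eq 0) { $findings += 'Site has no HTTPS binding' }
foreach ($b in $httpsBindings) {
    if (-not $b.certificateHash) {
        $findings += "No certificate bound on $($b.bindingInformation)"
        continue
    }
    $certPath = "Cert:\LocalMachine\$($b.certificateStoreName)\$($b.certificateHash)"
    $cert = Get-Item -Path $certPath -ErrorAction SilentlyContinue
    if (-not $cert) { $findings += "Bound certificate not found at $certPath" }
    elseif ($cert.Subject -eq $cert.Issuer) {
        $findings += "Self-signed certificate on $($b.bindingInformation)"
    }
}

# 4. The IIS identity may read static content but must hold no write rights.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]::Write
foreach ($ace in (Get-Acl -Path $StaticRoot).Access) {
    if ($ace.IdentityReference.Value -eq $IisIdentity -and
        $ace.AccessControlType -eq 'Allow' -and
        (([int]$ace.FileSystemRights -band $writeMask) -ne 0)) {
        $findings += "$IisIdentity can write to $StaticRoot ($($ace.FileSystemRights))"
    }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'All audited settings match the guidance.' }
```

Run it from an elevated PowerShell session on the web server; the ACL check inspects only the top-level folder, so inherited or per-file exceptions below it need a recursive pass.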