Cloud Security or: How I Learned to Stop Worrying & Love the Cloud
Disable http put method
1. Disable HTTP PUT Method
Go into IIS manager
Right click on the website and select properties
Go to the home directory tab
un click write
Apply IP restrictions to allow only Office users to access edit pages
Open IIS Manager and navigate to the level you want to manage. For information about opening
IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the
UI, see Navigation in IIS Manager (IIS 7).
In Features View, double-click IPv4 Address and Domain Restrictions.
In the Actions pane, click Add Allow Entry.
In the Add Allow Restriction Rule dialog box, select Specific IPv4 address, IPv4 address range, or
Domain name, add the IPv4 address, range, mask, or domain name, and then click OK
Configure Anti Virus software to prevent the loading of malicious files
Set cache controls
http://support.microsoft.com/kb/247404
How to disable SSL v2 protocol in Windows? 2008.09.03
00:02:46
Secure Socket Layer Protocol version 2 (SSL v2) has a serious vulnerability.
Successful exploitation of this vulnerability would allow an attacker to execute
arbitrary code in the context of the affected server. No authentication is required
to reach the vulnerable code. No user interaction is required.
Since this vulnerability is in the library code used by multiple applications, the
details of how an attacker would exploit it varies. In all cases, an attacker would
need to specify invalid parameters as part of the SSLv2 handshake. Common
Vulnerabilities and Exposures (CVE) classified the vulnerability under CVE-2004-
0120. Microsoft identified such vulnerabilities in its security bulletin MS04-011,
however, until today the default configuration for Windows 2000 and Windows issam
2003 has SSL v2.0 protocol enabled.
To disable SSL V2 protocol:
1.Click Start, click Run, type regedt32 or type regedit, and then click OK.
2.In Registry Editor, locate the following registry key:
2. HKey_Local_MachineSystemCurrentControlSetControlSecurityProviders
SCHANNELProtocolsSSL 2.0Server
3.On the Edit menu, click Add Value.
4.In the Data Type list, click DWORD.
5.In the Value Name box, type Enabled, and then click OK.
Note If this value is present, double-click the value to edit its current value.
6.Type 00000000 in Binary Editor to set the value of the new key equal to "0".
7.Click OK.
Disable SSL Version two
http://www.sslshopper.com/article-how-to-disable-ssl-2.0-in-iis-7.html
Suppress display of software versions in returned HTTP headers
This can be suppressed using I I S addin urlscan ( see above)