As data security issues happen more and more frequently, Web server security has become a leading concern for all enterprises and IIS Web server is the main attacked target. It is an unforgettable lesson for all victims of the event that CSDN leaked out almost 6000,000 users' private information in 2011. Nowadays, Web server security catches more and more network users' attention. Here, effective measures targeting Web server security of Windows Server operating system are recommended for you. 1. Physical security Web server should be placed in the isolated room equipped with monitors and all records should be preserved well. Chassis, keyboard and computer table drawer should be locked and the key should be placed to a secure location, so as to prevent malicious users from using the computer. 2. Users account security Windows Server operating system users had better rename the manager account whose default name is Administrator, and enable password security policy. To harden Web server security, users are advised to set much advanced password and enable combination lock, so as to prevent brute force password crackers. Moreover, it is necessary to create new user account and add it to Administrators group, preventing the sole manager account from being locked. 3. Stop unneeded services Here, multiple services needing to be stopped are listed: - Computer Browser - Distributed File System - Distributed link tracking client - Error reporting service - Microsoft Search - NTLM Security support provide: telnet - Print Spooler - Remote Registry - Remote Desktop Help Session Manager 4. Close unnecessary ports Closing port means the decrease of functions, so Windows Server operating system users have to strike a balance between Web server security and system functions. Providing that Web server is situated behind system firewall, Web server security can be ensured to some extent. Open port scanning by using port scanner is the first step to prevent against hackers. Here, multiple TCP ports can be closed for the sake of Web server security: Web service: HTTP port: 80 and HTTPS port: 443 Windows terminal service: port: 3389 SSH service: port: 22 Telnet service: port: 23 MySQL database: port: 3306 5. Store sensitive files into another file server Though present server hard disk possesses large capacity, users still need to take file security into consideration when they are storing sensitive data, such as files and data sheets. To ensure file security, users are advised to store those data into file server and back up them regularly. 6. Prevent system from showing the username of the latest login By default, when certain server gains terminal service, the login dialogue box will display the username of the latest login, giving malicious users chance to decode the password of obtained user accounts. By rectifying registry, Windows Server operating system users can prevent system from displaying the username of the latest login. 7. Download the newly updated patches Most managers have not developed a good habit of visiting secure sites, so there may be bugs which are risky to Web server security. As we all know, the newly updated patches can fix existing bugs to some extent, so users can download service pack and patches via secure Microsoft websites to maintain Web server security.