Changes
/* Further Security Configuration & Hardening */
== Further Security Configuration & Hardening ==
=== TLS Level ===If the {{UBIK}} WebServices are supposed to communicate with other WebServices, e.g. an interface component or an Azure Blob container for file storage, the appropriate TLS level needs to be ensured. While this can be enforced with a registry key, it is best practice to let the OS and the .NET Framework negotiate it. To enable that, the ''targetFramework'' attribute of the ''httpRuntime'' element in the ''Web.config'' file of the WebService in question (normally the {{UBIK}} content WebService) has to be set to the desired .NET Framework level, should typically be the same that the service was compiled against. So if TLS 1.2 shall be supported and default, the ''targetFramework'' needs to be set to 4.6 like in this example: <source lang="xml"><system.web> <customErrors mode="Off"/> <httpRuntime maxRequestLength="65536" targetFramework="4.6" /> <compilation debug="true" defaultLanguage="c#" targetFramework="4.6" /></system.web></source> The full documentation on TLS best practices with .NET can be found [https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls here]. === Hardening ===For hardening instructions of IIS, please follow the following best practive practice guidelines:
* [https://www.cisecurity.org/benchmark/microsoft_iis/ Center for Internet Security IIS Benchmark]
* [https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj635855(v=ws.11) Security Best Practices for IIS]
[[Category:How-To|Configure Microsoft IIS for UBIK]]
[[Category:Installing|Configure Microsoft IIS for UBIK]]
[[Category:Pages with broken file links|Configure Microsoft IIS for UBIK]]
[[Category:Web service|Configure Microsoft IIS for UBIK]]
== See also ==
