.N W2K IIS 5.0 Security Policy #Policy Name
.L 2 #Policy structure
.D Detects changes to the Internet Information Services (IIS, FTP, Gopher) security configuration. #Policy Description
.V 1004411226 #Policy revision number
.Z 1007 #Policy ID
.Z 1007 #Policy ID
.R FTP-AllowGuestAccess-On #Rule Definition
..D Detects the registry change needed to allow Guest access to FTP. #Rule Description
..Z 969 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T *HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\Services\MSFTPSVC\Parameters\AllowGuestAccess = 1* #Regular text
....C 1 #Case sensitivity
....Z 967 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 968 #ID of the clause
.R FTP-AllowGuestAccess-Filter #Rule Definition
..D Detects the registry change needed to allow Guest access to FTP. #Rule Description
..Z 963 #Rule ID
..T #Indirect Rule
..V 0 #Rule Value
..S #Select Clause(s)
...Q Select NT Registry Key #NT Registry
....T * #Regular text
....T \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters\AllowGuestAccess #Regular text
....T 3145920 #Regular text
....C 0 #Case sensitivity
....Z 962 #ID of the clause
.R FTP-AllowGuestAccess-Off #Rule Definition
..D Detects the registry change needed to allow Guest access to FTP. #Rule Description
..Z 966 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T *HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\Services\MSFTPSVC\Parameters\AllowGuestAccess = 0* #Regular text
....C 1 #Case sensitivity
....Z 964 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 965 #ID of the clause
.R FTP-EnablePortAttack-Off #Rule Definition
..D Detects changes to the EnablePortAttack registry key. Changes to this key may indicate that the allowable FTP ports have been changed.
#Rule Description
..Z 974 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T *HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\Services\MSFTPSVC\Parameters\EnablePortAttack = 0* #Regular text
....C 1 #Case sensitivity
....Z 972 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 973 #ID of the clause
.R FTP-EnablePortAttack-Filter #Rule Definition
..D Detects changes to the EnablePortAttack registry key. Changes to this key may indicate that the allowable FTP ports have been changed. #Rule Description
..Z 971 #Rule ID
..T #Indirect Rule
..V 0 #Rule Value
..S #Select Clause(s)
...Q Select NT Registry Key #NT Registry
....T * #Regular text
....T \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters\EnablePortAttack #Regular text
....T 3145920 #Regular text
....C 0 #Case sensitivity
....Z 970 #ID of the clause
.R FTP-EnablePortAttack-On #Rule Definition
..D Detects changes to the EnablePortAttack registry key. Changes to this key may indicate that the allowable FTP ports have been changed. #Rule Description
..Z 977 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T *HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\Services\MSFTPSVC\Parameters\EnablePortAttack = 1* #Regular text
....C 1 #Case sensitivity
....Z 975 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 976 #ID of the clause
.R CheckCertRevocation-Filter #Rule Definition
..D Detects changes to the CheckCertRevocation registry key. By default this key is disabled because enabling it has a severe performance impact.
#Rule Description
..Z 961 #Rule ID
..T #Indirect Rule
..V 0 #Rule Value
..S #Select Clause(s)
...Q Select NT Registry Key #NT Registry
....T * #Regular text
....T \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters\CheckCertRevocation #Regular text
....T 3145776 #Regular text
....C 0 #Case sensitivity
....Z 960 #ID of the clause
.R CheckCertRevocation-Disabled #Rule Definition
..D Detects changes to the CheckCertRevocation registry key. By default this key is disabled because enabling it has a severe performance impact. #Rule Description
..Z 956 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T *HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\Services\InetInfo\Parameters\CheckCertRevocation = 0* #Regular text
....C 1 #Case sensitivity
....Z 954 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 955 #ID of the clause
.R CheckCertRevocation-Enabled #Rule Definition
..D Detects changes to the CheckCertRevocation registry key. By default this key is disabled because enabling it has a severe performance impact. #Rule Description
..Z 959 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T *HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\Services\InetInfo\Parameters\CheckCertRevocation = 1* #Regular text
....C 1 #Case sensitivity
....Z 957 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 958 #ID of the clause
.R LogSuccessfulRequests-Enabled #Rule Definition
..D Detects changes made to the LogSuccessfulRequests registry key. This key determines whether or not to record successful activities in the log file.
#Rule Description
..Z 991 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T *HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\Services\W3SVC\Parameters\LogSuccessfulRequests = 1* #Regular text
....C 1 #Case sensitivity
....Z 989 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 990 #ID of the clause
.R LogSuccessfulRequests-Disabled #Rule Definition
..D Detects changes made to the LogSuccessfulRequests registry key. This key determines whether or not to record successful activities in the log file. #Rule Description
..Z 988 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T *HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\Services\W3SVC\Parameters\LogSuccessfulRequests = 0* #Regular text
....C 1 #Case sensitivity
....Z 986 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 987 #ID of the clause
.R LogSuccessfulRequests-Filter #Rule Definition
..D Detects changes made to the LogSuccessfulRequests registry key. This key determines whether or not to record successful activities in the log file. #Rule Description
..Z 993 #Rule ID
..T #Indirect Rule
..V 0 #Rule Value
..S #Select Clause(s)
...Q Select NT Registry Key #NT Registry
....T * #Regular text
....T \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\LogSuccessfulRequests #Regular text
....T 3145920 #Regular text
....C 0 #Case sensitivity
....Z 992 #ID of the clause
.R SSIEnableCmdDirective-Filter #Rule Definition
..D Detects changes to the SSIEnableCmdDirective. Security-conscious sites may wish to disable the \#exec cmd directive, especially when untrusted parties are allowed to place files on the server.
#Rule Description
..Z 1006 #Rule ID
..T #Indirect Rule
..V 0 #Rule Value
..S #Select Clause(s)
...Q Select NT Registry Key #NT Registry
....T * #Regular text
....T \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\SSIEnableCmdDirective #Regular text
....T 3145920 #Regular text
....C 0 #Case sensitivity
....Z 1005 #ID of the clause
.R SSIEnableCmdDirective-Enabled #Rule Definition
..D Detects changes to the SSIEnableCmdDirective. Security-conscious sites may wish to disable the \#exec cmd directive, especially when untrusted parties are allowed to place files on the server. #Rule Description
..Z 1004 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T *HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\Services\W3SVC\Parameters\SSIEnableCmdDirective = 1* #Regular text
....C 1 #Case sensitivity
....Z 1002 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 1003 #ID of the clause
.R SSIEnableCmdDirective-Disabled #Rule Definition
..D Detects changes to the SSIEnableCmdDirective. Security-conscious sites may wish to disable the \#exec cmd directive, especially when untrusted parties are allowed to place files on the server. #Rule Description
..Z 1001 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T *HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\Services\W3SVC\Parameters\SSIEnableCmdDirective = 0* #Regular text
....C 1 #Case sensitivity
....Z 999 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 1000 #ID of the clause
.R LogErrorRequests-Filter #Rule Definition
..D Detects changes to the LogErrorRequests registry key. This key determines whether or not to record errors in the log file.
#Rule Description
..Z 985 #Rule ID
..T #Indirect Rule
..V 0 #Rule Value
..S #Select Clause(s)
...Q Select NT Registry Key #NT Registry
....T * #Regular text
....T \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\LogErrorRequests #Regular text
....T 3145968 #Regular text
....C 0 #Case sensitivity
....Z 984 #ID of the clause
.R LogErrorRequests-Enabled #Rule Definition
..D Detects changes to the LogErrorRequests registry key. This key determines whether or not to record errors in the log file. #Rule Description
..Z 983 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T *HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\Services\W3SVC\Parameters\LogErrorRequests = 1* #Regular text
....C 1 #Case sensitivity
....Z 981 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 982 #ID of the clause
.R LogErrorRequests-Disabled #Rule Definition
..D Detects changes to the LogErrorRequests registry key. This key determines whether or not to record errors in the log file. #Rule Description
..Z 980 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T *HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\Services\W3SVC\Parameters\LogErrorRequests = 0* #Regular text
....C 1 #Case sensitivity
....Z 978 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 979 #ID of the clause
.R MaxClientRequestBuffer-Filter #Rule Definition
..D This value designates the maximum size of the request line and header fields accepted by IIS. The IIS administrator can reduce the amount of attacks on IIS by limiting the size of this value.
#Rule Description
..Z 998 #Rule ID
..T #Indirect Rule
..V 0 #Rule Value
..S #Select Clause(s)
...Q Select NT Registry Key #NT Registry
....T * #Regular text
....T \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\MaxClientRequestBuffer #Regular text
....T 3145920 #Regular text
....C 0 #Case sensitivity
....Z 997 #ID of the clause
.R MaxClientRequestBuffer-Change #Rule Definition
..D This value designates the maximum size of the request line and header fields accepted by IIS. The IIS administrator can reduce the amount of attacks on IIS by limiting the size of this value. #Rule Description
..Z 996 #Rule ID
..V 50 #Rule Value
..S #Select Clause(s)
...G System Message #System Message
....T *\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\MaxClientRequestBuffer* #Regular text
....C 1 #Case sensitivity
....Z 994 #ID of the clause
..A #Action Clause(s)
...E Record to Event Viewer #Record Event
....Z 995 #ID of the clause