OW5000 System Security Guidelines - NEC Corporation of America

3-2 Securing the Operating SystemIIS ConfigurationMany applications in UCE use web services.CAUTIONEnabling SSL at the IIS web site level may inadvertently impact other applications.However, it is a best practice to secure web services where user credentials arepassed from clients to the UCE server.The following products provide instructions for securing web serviceswith SSL in their installation guides.UNIVERGE UC700UNIVERGE MC550Please refer to each product’s installation guide for instructions onenabling and requiring SSL for these services.Service AccountsFailure to secure a service account enables a hacker to gainadministrative access to a web server and possibly the network.To increase service account security, the following recommendationsapply:• Create all Windows accounts with the lowest possible privileges• Label administrative accounts with a user name other thanadministrator• Disable the Windows guest account• Set the appropriate permissions for the ISUSR_machinename accountFor more information on IIS, go to http://www.microsoft.com. Keywords: How tosetup SSL on a Web Server, Securing your Web Server.REFERENCEFor more information on Service Accounts, go to http://www.microsoft.com.Keywords: Service Accounts, Permissions, Security.REFERENCETIPThe ISUSR account is used to permit anonymous access to a web site installed onthe web server. When the ISUSR_machinename account is configured incorrectly,users cannot access the web site.• Remove or disable unused Windows accounts• Remove descriptions which refer to account privileges• Rename or remove privileges from the default administrator account• Enforce policies to limit administrative access to two accountsUCE Application Platform (UNIVERGE OW5000) System Security Guidelines - Revision 7