C# / .NETDevOpsMisc
Securing a new web server
Alexandru Puiu
Alexandru Puiu
October 18, 2018
1 min

Ideally you already have a snapshot you maintain and have hardened, and just have to clone it when you need new servers deployed. If you have to build a clean image to use for your future VMs: it’s usually easier to start with an existing VM you’ve configured, because it already has everything you need installed, but it might also have other stuff installed that you don’t necessarily want on every new VM, so here’s a way I quickly set up a new server image:

  1. Install a clean version of Windows on a new VM

  2. Set up your networking stack, and run Windows Update and install all the updates available

  3. Export the installed roles from your existing server https://www.ntweekly.com/2017/04/17/export-installed-roles-and-features-on-windows-server-2016-and-2012/

  1. Review the exported list and install all the features you need on your new VM using PowerShell:
Import-Csv C:\Temp\Roles.csv | foreach{Add-WindowsFeature $_.name }
  1. Import your encryption certificates into the new server

  2. Install Web Platform Installer

  • The Microsoft Web Platform Installer is a free tool that makes it simple to install and keep up-to-date with many web components
  1. Using Web Platform Installer install any components you might need, ex: WebDeploy 3.6 and URL Rewrite are some I find very useful.

  2. Set up Windows or IIS for SSL Perfect Forward Secrecy and TLS 1.2. Depending on your audience, you might want to keep only TLS 1.2, or support TLS 1.1. Here’s the script I use: https://www.hass.de/content/setup-microsoft-windows-or-iis-ssl-perfect-forward-secrecy-and-tls-12

  1. Snapshot the VM

Now whenever you need a new web server, you can just clone this VM, assign it a new IP, join it to your domain and you’re ready to go. Remember to keep your base image up-to-date with any changes you make to your production environment.


Alexandru Puiu

Alexandru Puiu

Engineer / Security Architect

Systems Engineering advocate, Software Engineer, Security Architect / Researcher, SQL/NoSQL DBA, and Certified Scrum Master with a passion for Distributed Systems, AI and IoT..



Social Media


Related Posts

Signing Commits
Signing Git Commits Using YubiKey on Windows
February 11, 2020
5 min

Subscribe To My Newsletter

I'll only send worthwhile content I think you'll want, less than once a month, and promise to never spam or sell your information!
© 2023, All Rights Reserved.

Quick Links

Get In TouchAbout Me

Social Media