Microsoft IIS default installation/welcome page installed
|5||(AV:N/AC:L/Au:N/C:P/I:N/A:N)||April 21, 2005||April 21, 2005||December 04, 2013|
The IIS default installation or "Welcome" page is installed on this server. This usually indicates a newly installed server which has not yet been configured properly and which may not be known about.
In many cases, IIS is installed by default and the user may not be aware that the web server is running. These servers are rarely patched and rarely monitored, providing hackers with a convenient target that is not likely to trip any alarms.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
Remove the default page or stop/disable the IIS server
If this server is required to provide necessary functionality, then the default page should be replaced with relevant content. Otherwise, this server should be removed from the network, following the security principle of minimum complexity.
If the server is not needed, it can be disabled in the following way: in the Services window of the Control Panel's Administrative Tools section, right-click on the 'World Wide Web Server' entry and select 'Stop'. Set its startup type to 'Manual' so that it does not restart if the machine is rebooted (this is done by selecting 'Properties' in the right-click menu).