What Does It Take to Harden an IIS Web Server?

In order to secure a Windows system, you need to have a good understanding and knowledge of the underlying system as well as the latest security fixes. Systems can never be 100% safe from an intruder but systems administrators can minimize the system exposure by building an extra wall to deter the would be attackers. This can be achieved by applying up to date security patches, hardening the OS, hardening IIS 5.0 and system(s) scanning using Nessus. The purpose of this document is to shed some light on how to make it harder for an intruder to compromise the system. We'll be going through securing a Windows 2000 server running IIS 5.0 and some of the tools that we can use to scan system(s) before putting it into production.