NETWORKING: Step-by-Step Guide to Deploying and Securing a Windows IIS Server with ASG, NSG, and Firewall Configuration.
Introduction
This topic explains the creation of a Windows Server with IIS, setting up security groups, configuring network security rules, establishing a firewall, and verifying connectivity through the public IP address. It offers a comprehensive guide to securing a web server against potential threats while ensuring it’s accessible for legitimate traffic.
Internet Information Services (IIS) is a web server software created by Microsoft. It’s an integral part of the Windows Server family but is also available for Windows client operating systems. IIS is used to host and manage websites, web applications, and services.
FOR THIS BLOG, THE TASKS WILL BE GROUPED INTO 4 SECTIONS.
SECTION A - Installing IIS on our existing Windows server. Check out my blog for instructions on creating a virtual machine to set up your own Windows server.
SECTION B - Creating an Application Security Group (ASG) in the same region as your server.
SECTION C - Adding inbound port rules on port 80 and port 443 to your Network Security Group (NSG).
SECTION D - Creating a firewall and attaching it to the Server's Vnet to secure your environment from malicious threats.
SECTION A
1- a) Once you have successfully set up your Windows server, remotely log in to your server using the following steps:
b) Enter your IP address in the Computer section.
c) Enter your username.
d) Click on Connect.
e) Enter your password and click OK.
f) Click on Yes on the next prompt.
2- a) The Server Manager dashboard will display automatically.
b) Click on "Add roles and features".
c) In the "Add Roles and Features" section, leave the settings on default and click "Next."
d) In the installation type section, select role-based or feature-based installation, then click "Next".
e) In the server selection section, choose a server from the server pool and then click "Next".
f) In the Server Roles section, select "Web Server (IIS)" and, on the next page, click on "Add Features". Once the Web Server (IIS) is selected, click on "Next".
g) Leave the features section on default, then click on "Next".
h) Leave the Web Server Role (IIS) section on default, then click "Next".
i) Leave the role services section on default, then click on "Next".
j) In the installation section, click on "Install".
k) The installation progress will be shown, and once it is successfully installed, click on "Close." On the Server Manager page, click on the "Refresh" button.
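The same installation can be scripted. The following is an added example, not part of the original walkthrough: a PowerShell equivalent of the wizard steps above, followed by local checks that IIS is actually serving. It assumes an elevated PowerShell session on the server itself.

```powershell
# Added example: scripted equivalent of the Add Roles and Features wizard.
# Assumption: run in an elevated PowerShell session on the Windows server.

# -IncludeManagementTools matches clicking "Add Features" in the wizard.
$result = Install-WindowsFeature -Name Web-Server -IncludeManagementTools
if (-not $result.Success) { throw 'Web-Server role installation failed.' }
if ($result.RestartNeeded -ne 'No') {
    Write-Warning 'A restart is required to finish the installation.'
}

# Confirm the role is installed and the IIS service (W3SVC) is running.
Get-WindowsFeature -Name Web-Server | Select-Object Name, InstallState
$svc = Get-Service -Name W3SVC
if ($svc.Status -ne 'Running') { Start-Service -Name W3SVC }

# Show which web ports have a listener. A fresh IIS install binds only
# port 80; port 443 stays closed on the server until an HTTPS binding
# with a certificate is added, whatever the NSG allows.
Get-NetTCPConnection -State Listen -LocalPort 80, 443 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, State

# Request the default site locally, before any NSG or firewall is involved.
$response = Invoke-WebRequest -Uri 'http://localhost/' -UseBasicParsing
'{0} {1}' -f $response.StatusCode, $response.StatusDescription
```

Checking locally first separates "IIS is not running" from "the network is blocking it" when the public IP test at the end of the guide fails.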
SECTION B
1- On the Azure homepage, search for Application Security Group from the search bar, open it, and then click on Create Application Group.
a) Select your subscription and resource group.
b) Enter your instance's name and select the region you use for your Windows server.
c) Click on Review and create.
d) Once the validation is passed, click on Create.
e) Click on Go to resource to see your application security group.
SECTION C
1- On the Azure homepage, search for Network Security Group in the search bar and open it. Click on the NSG displayed with your Windows server name. Note: Azure automatically creates our network security group.
2 a) On the NSG homepage, click the Settings drop-down, then click on Inbound security rules.
b) Click on the Add button.
3 a) In the Add inbound security rule section, choose 'Any' as the source.
b) On the destination drop-down, select Application security group.
4 a) On destination application security groups, select your application security group on the drop-down.
b) Select Custom on the service drop-down.
c) Enter 80,443 in the destination port ranges.
d) Select Any in the protocol section, then select Allow in the action section.
e) Enter 100 or any number below 300 on the priority.
Note: we are choosing a number below 300 because 300 is our RDP priority, and we want our new rule to have priority over RDP and any other existing rules. The lower the number, the higher the rule's priority over existing rules.
f) Give your inbound rule a name, then click on Add.
5- Our new inbound security rules have been added and have successfully overridden existing rules.
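To make the priority note concrete, here is an added example (not from the original post) that models how an NSG picks a rule: rules are checked in ascending priority number and the first match decides. The rule set is constructed for illustration, the rule names other than Azure's default `DenyAllInBound` are hypothetical, and only the destination port is modeled.

```powershell
# Added example: first-match evaluation of inbound NSG rules by priority.
# Constructed rule set: the guide's web rule at 100, the RDP rule at 300,
# and Azure's default DenyAllInBound at 65500. An empty Ports list = any port.
$rules = @(
    [pscustomobject]@{ Name = 'RDP';               Priority = 300;   Ports = @(3389);    Access = 'Allow' }
    [pscustomobject]@{ Name = 'DenyAllInBound';    Priority = 65500; Ports = @();        Access = 'Deny'  }
    [pscustomobject]@{ Name = 'Allow-Web-Inbound'; Priority = 100;   Ports = @(80, 443); Access = 'Allow' }
)

function Test-NsgInbound {
    param(
        [Parameter(Mandatory)] [int] $Port,
        [Parameter(Mandatory)] [object[]] $RuleSet
    )
    # Lowest priority number is evaluated first; evaluation stops at the first match.
    foreach ($rule in ($RuleSet | Sort-Object Priority)) {
        if ($rule.Ports.Count -eq 0 -or $rule.Ports -contains $Port) {
            return [pscustomobject]@{
                Port        = $Port
                MatchedRule = $rule.Name
                Priority    = $rule.Priority
                Access      = $rule.Access
            }
        }
    }
}

# Web ports match the rule at 100, RDP still matches its own rule at 300,
# and anything else (8080 here) falls through to the default deny.
80, 443, 3389, 8080 |
    ForEach-Object { Test-NsgInbound -Port $_ -RuleSet $rules } |
    Format-Table -AutoSize
```

Priority only decides the outcome when two rules match the same traffic; a rule for ports 80 and 443 never matches RDP traffic, so the RDP rule still needs its own review.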
6 a) On the Azure homepage, go to your Windows server and open it.
b) In your Windows server search bar, search for Application security group and open it.
c) Click on Add application security group.
d) Select your application security group name, then click on Add.
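Sections B and C can also be done with the Az PowerShell module. This is an added example, not the author's own procedure; the resource group, region, VM, NSG, ASG and rule names are hypothetical placeholders, and it assumes the Az module is installed and `Connect-AzAccount` has already been run.

```powershell
# Added example: Sections B and C with Az PowerShell.
# Hypothetical names: replace with your own resource group, region, VM and NSG.
$rg       = 'rg-web-demo'
$location = 'eastus'
$vmName   = 'vm-iis-demo'
$nsgName  = 'vm-iis-demo-nsg'

# Section B: create the ASG in the same region as the server.
$asg = New-AzApplicationSecurityGroup -ResourceGroupName $rg -Name 'asg-web' -Location $location

# Section C: allow ports 80 and 443 from any source to members of the ASG.
# The guide selects Any for the protocol ('*'); HTTP and HTTPS only need 'Tcp'.
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name $nsgName
$nsg | Add-AzNetworkSecurityRuleConfig -Name 'Allow-Web-Inbound' `
        -Direction Inbound -Access Allow -Priority 100 -Protocol '*' `
        -SourceAddressPrefix '*' -SourcePortRange '*' `
        -DestinationApplicationSecurityGroup $asg `
        -DestinationPortRange 80, 443 |
    Set-AzNetworkSecurityGroup | Out-Null

# Step 6: put the server's network interface into the ASG.
# Until this is done the rule above applies to no machine at all.
$vm  = Get-AzVM -ResourceGroupName $rg -Name $vmName
$nic = Get-AzNetworkInterface -ResourceId $vm.NetworkProfile.NetworkInterfaces[0].Id
$nic.IpConfigurations[0].ApplicationSecurityGroups = @($asg)
$nic | Set-AzNetworkInterface | Out-Null

# Verify: list inbound rules in evaluation order. Check the Source column of
# the RDP rule; '*' means port 3389 is reachable from any address.
(Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name $nsgName).SecurityRules |
    Where-Object Direction -eq 'Inbound' |
    Sort-Object Priority |
    Select-Object Priority, Name, Access, Protocol,
        @{ n = 'Source'; e = { $_.SourceAddressPrefix -join ',' } },
        @{ n = 'Ports';  e = { $_.DestinationPortRange -join ',' } } |
    Format-Table -AutoSize
```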
SECTION D
1 a) On your Azure home page, type marketplace in the search bar and open it.
b) Type firewall in the marketplace search bar.
c) Click on Create in the firewall section.
2 a) In the basics section, choose your subscription and resource group.
b) Enter your instance details.
c) Select your preferred firewall SKU.
d) In the firewall policy section, select Add new, enter your firewall policy details, and click OK.
2) On the public IP address, click on "Add New" and enter your public IP details. Click OK.
3 a) In the virtual network section, click on Create New.
b) Give your virtual network a name.
c) Enter your address space and subnet, then click on Next.
- On the tag section, click on Review + create.
- Once your validation has passed, click on Create.
- You have successfully created a firewall and attached it to the Server's Vnet to secure your environment from malicious threats.
a) Copy your Windows server public IP.
b) Paste it into your browser.
c) Your browser should display the following.
I hope this step-by-step guide helps you to understand how to configure a secure IIS web server on Windows with Network Security Group, Application Security Group, and Firewall protection.