Hi Folks,
Fairly new to IIS so I'm attempting to learn as much as I can about securing my site before moving to our DMZ...
One of the recommendations out of the Technet library was to move the inetpub folder to it's own drive - i.e. not the system drive (presumably to prevent file system crawling???) (http://technet.microsoft.com/en-us/library/jj635855.aspx)
instructions link from technet: http://blogs.iis.net/thomad/archive/2008/02/10/moving-the-iis7-inetpub-directory-to-a-different-drive.aspx
Which is comprehensive enough... except at the end it states...
PLEASE BE AWARE OF THE FOLLOWING:
WINDOWS SERVICING EVENTS (I.E. HOTFIXES AND SERVICE PACKS) WOULD STILL REPLACE FILES IN THE ORIGINAL DIRECTORIES. THE LIKELIHOOD THAT FILES IN THE INETPUB DIRECTORIES HAVE
TO BE REPLACED BY SERVICING IS LOW BUT FOR THIS REASON DELETING THE ORIGINAL DIRECTORIES IS NOT POSSIBLE.
can I get a sanity check on that please - it seems to imply that if I improve security as recommended I decrease security by making the service unpatchable!?!?!