I am trying to lock down a Windows Server 2019 instance that will host an internet-facing website built in .NET Framework 4.x. This organization has no tools and no budget. I have not done this in a few years (2012 R2), so I am rusty.
Thus far, I have...
Executed the PowerShell scripts in the Microsoft Security Compliance Toolkit
Executed the PowerShell scripts here: https://github.com/Happygator/CIS-Microsoft-Windows-Server-2019-Benchmark
Walked through https://www.tenable.com/audits/DISA_STIG_IIS_10.0_Web_Server_v2r5 to tweak as many things as possible
Used Nartac's IISCrypto to disable weak ciphers, SSL, TLS 1, TLS 1.2
As the users of the site are all in the US, I've added a lot of IP address restrictions to try to cut down on some of the garbage from China and Russia
Moved apps and IIS logs off of the C drive.
Any additional advice, steps, resources or tools I should review?
Thank you.
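
A read-only check for the protocol step in the list above, added here as an example and not part of the original post: it reads the server-side SCHANNEL registry values that protocol-hardening tools write and compares them to a target state. The function name `Get-SchannelServerProtocol` and the `$Baseline` table are assumptions for illustration; edit the baseline to match your own policy.

```powershell
# Added example: audit server-side SCHANNEL protocol settings (makes no changes).
# $Baseline is an assumed target state, not taken from the post; adjust as needed.
$Baseline = [ordered]@{
    'SSL 2.0' = $false
    'SSL 3.0' = $false
    'TLS 1.0' = $false
    'TLS 1.1' = $false
    'TLS 1.2' = $true
}
$Root = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelServerProtocol {
    param([Parameter(Mandatory)][string]$Protocol)
    $key   = Join-Path $Root "$Protocol\Server"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    # A missing key or value means the OS default applies; report $null
    # rather than guessing enabled or disabled.
    $read = {
        param($name)
        if ($null -ne $props -and $props.PSObject.Properties[$name]) {
            # Any non-zero DWORD counts as "on" (0xFFFFFFFF reads back as -1).
            $props.$name -ne 0
        } else { $null }
    }
    [pscustomobject]@{
        Protocol          = $Protocol
        Enabled           = & $read 'Enabled'
        DisabledByDefault = & $read 'DisabledByDefault'
    }
}

$report = foreach ($name in $Baseline.Keys) {
    $state  = Get-SchannelServerProtocol -Protocol $name
    $status = if ($null -eq $state.Enabled) { 'NOT SET (OS default)' }
              elseif ($state.Enabled -eq $Baseline[$name]) { 'OK' }
              else { 'MISMATCH' }
    $state | Add-Member -NotePropertyName Expected -NotePropertyValue $Baseline[$name] -PassThru |
             Add-Member -NotePropertyName Status -NotePropertyValue $status -PassThru
}
$report | Format-Table Protocol, Enabled, DisabledByDefault, Expected, Status -AutoSize

# Edge case: every listed protocol explicitly disabled leaves nothing here for
# HTTPS clients to negotiate.
if (@($report | Where-Object { $_.Enabled -ne $false }).Count -eq 0) {
    Write-Warning 'All listed protocols are explicitly disabled on the server side.'
}
```

SCHANNEL reads these values at startup, so run the check again after the reboot that follows any protocol change.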