This configuration is important both for the performance and the security of the production environment.
Performance-wise, you can set the
1) The compilation of ASP.NET pages will take longer
2) Code will sometimes execute slower (since some additional debug paths are enabled)
3) The application's runtime will use much more memory
4) Scripts and images downloaded from the WebResources.axd handler won't be cached
This blog post will cover:
- IIS deployment method retail policy description.
- IIS deployment method retail potential vulnerability.
- IIS deployment method retail default value.
- CalCom’s recommended value.
- How to set the switch.
- Automating IIS hardening.
This switch is developers-focused. These kinds of switches are often enabled during active development. It is recommended that the deployment method on any production server will be set to retail.
This policy allows us to minimize possible information leakages. Setting the
When this switch is not utilized, vital application and system information may leak. An attacker will be able to cover trace output in a pager and see detailed error messages.
CALCOM'S RECOMMENDED VALUE:
HOW TO SET THE SWITCH:
- Open the machine.config file located in: %systemroot%\Microsoft.NET\Framework
- set within your machine.config file:
** If systems are 64-bit, do the same for the machine.config located in: %systemroot%\Microsoft.NET\Framework
AUTOMATE IIS SERVER HARDENING:
Server hardening can be a painful procedure. If you're reading this article, you probably already know it. Endless hours, labor, and money are invested in this process, which can often result in production breakdown despite the effort to prevent it. CSH by CalCom is automating the entire server hardening process. CHS's unique ability to 'learn' your network abolishes the need to perform lab testing while ensuring zero outages to your production environment. CHS will allow you to implement your policy directly on your production hassle-free. want to know more?