I have been writing WCF services for internal use for quite a while (alongside WinForms and MVC web apps). However, I now need to expose one of the services to the great unwashed!

Since this is from a single source company I proposed the following:

Architecture

• Company uses VPN to send request to our DMZ server over HTTPS/SSL
  • DMZ firewall only allows specific Company IP
• DMZ IIS server passes request to our internal IIS server
  • Internal firewall only allows DMZ server INTERNAL FACING IP
• Internal IIS WCF service consumes request and sends response back up the chain.

However, my IT manager wants more than this and more…in detail.

e.g.

• What accounts to use or create, and what permissions to give them.
• How to limit public facing IIS server from being DoS’d, hacked, etc.
• How to stop public facing IIS server displaying “secure” details accidentally
  • What to turn off inside server/IIS
  • What files to restrict access to e.g. trace.axd

I can understand his reasons too – if it all goes ttsup, then he carries the can…whcih means ultimately I carry the can! From a background in mainframe and IBM/Websphere, all he hears about is how IIS is “not secure”.

I suspect that what he really hears is “devs/admins are not securing IIS/WCF properly”…so I want to try to do it “properly” !

(for info, I am going through Troy Hunt’s posts…but there’s a lot in here! I’ve tried going through MSDN’s reams of “kids drawing paper” and find oit very hard ot extract what I need to know from the endless “lets make this paragraph longer and sounds more important while hiding the salient facts” filler in there!)