Contents

Security overview Application security overview General security principles Secure installation and configuration Installation overview Restrict network access to critical services Encrypted Transport Layer Security Close all unused ports and open necessary ports Disable all unused Windows services Post-installation configuration Restrict access to the server machines Ensure restrictive access control Security features web.config settings that secure the Web services Restrict access to service metadata WCF�Enabling and disabling metadata WCF�Turn off includeExceptionsDetailsInFaults attribute Turn off customErrors Configure user authentication