: Ensuring secure downloads for IIS One of my customers wants to make sure that when someone downloads a file from their website the file being downloaded is secure from third parties capturing

@Ann8826881

Using an SSL certificate will encrypt the communication between client browsers and your website. Depending on how serious your client is about security, two questions that you might want to further consider for downloads are:

1). Can a hacker replace download files with deleterious ones?

If the files are added to your site via FTP or share a common directory with it, then you'll want to spend some time making sure that's secure. The following list of articles might be helpful:
How Do I Configure FTP Security in IIS?

If files are uploaded to your server through server-side scripts or applications, then you'll want to make sure that those are secure as well. This is dependent on the script/application that you use - search for common exploits for those.

You'll also want to make sure access to your server through Remote Desktop Services is disabled unless needed: Disabling Remote Desktop Services features

Lastly, you might want to review other areas of security for IIS: Configuring Security

2). Is the file downloaded the same as the original one?

Some sites list an MD5 or SHA1 hash value of files so that users can verify that the file hasn't been modified. See this for more on that:
Microsoft - How to compute the MD5 or SHA-1 cryptographic hash values for a file

Clients can then use the File Checksum Integrity Verifier (FCIV) utility (or other similar tool) to verify the hash value, as available for download and discussed here:
Microsoft - Availability and description of the File Checksum Integrity Verifier utility

Vote Up Vote Down