CYA: Securing IIS 6.0: Cover Your A** By Getting It Right the First Time

Traditional Web publishing has involved utilizing the File Transfer Protocol (FTP), whereby users upload new content to their Web server via a dedicated FTP client. This process has a number of downsides. IIS 6.0 offers two Web publishing technologies that overcome many of these disadvantages. The first is Web Distributed Authoring and Versioning (WebDAV), an open protocol defined in RFC standards 2518 and 3253, and the second is FrontPage Server Extensions (FPSE), a proprietary publishing mechanism that offers additional flexibility over WebDAV. In this chapter we will cover:
Configuring and securing WebDAV Publishing
Configuring and securing FrontPage Server Extensions publishing
By the time you reach the end of this chapter, you should be familiar with the steps involved in enabling both WebDAV and FPSE publishing. Additionally, you should be aware of the security options that each publishing mechanism offers and how to tailor these to your organization's needs.
Traditional Web publishing has involved the use of FTP clients and servers. This method has a number of downsides. It requires an extra server (FTP) on the Web server, it requires additional ports to be opened in firewalls, it requires a dedicated FTP client on the user's machine, and updating content cannot be done in place on the server. Instead, it must be downloaded to the user's machine, edited, and uploaded again. WebDAV obviates these problems by allowing editing over HTTP. Additionally, it supports a rudimentary file-locking system that prevents two users attempting...