Hack Proofing Windows 2000 Server

Chapter 11: Securing Internet Information Services 5.0

Introduction

No security book would be complete without a chapter on securing your Web server. Let s face it: We live in a digital world, and companies are now spending more money developing their e-commerce strategies than ever before. Even mom and pop stores have an Internet presence. Many companies don t even maintain a physical storefront; they do all their business online. Companies depend on their Web servers to present them to the Internet community.

Securing a Web server can be very complicated. In this chapter we learn how to secure a Windows 2000 server running Internet Information Services (IIS) 5.0. IIS is Microsoft s Web server product. IIS can be installed only on a computer running one of the Microsoft Server products (Server, Advanced Server, or Data Center Server). Windows 2000 Professional has its own version of IIS called Peer Web Services (PWS).

A number of steps go into securing a Web server. First, you need to secure the server physically. Next, you need to secure the operating system. Finally, you can begin to secure the IIS component itself. Some questions you can ask yourself when planning to secure your Web server are:

  • How secure is my IIS installation?

  • What type of clients will be accessing my Web server?

  • What services do I want to provide? (Your choices include Web services and FTP services.)

  • What type of authentication do I want or need to support?

  • Are there any domain names or IP addresses that I want to explicitly allow or deny?

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Operating System Software
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.