CYA: Securing IIS 6.0: Cover Your A** By Getting It Right the First Time

Released as part of the Windows 2003 Server family, Internet Information Services (IIS) 6.0 is the latest incarnation of Microsoft s Internet server. In the six years since IIS 1.0 was released (as part of Windows NT 3.51), IIS has rapidly developed, adding new features and scaling to new levels of performance. IIS 6.0 is no different. It offers significant improvements in scalability, security, manageability, reliability and performance over previous versions of IIS. However, it is the improvements in security and scalability that will probably most impress systems administrators.
By the end of this chapter, you will be familiar with the major components of IIS 6.0, how IIS 6.0 differs from previous versions, and the workings of the internal architecture of IIS 6.0.
This section serves as an introduction to the new and/or enhanced features in IIS 6.0, and how they compare to features in previous versions of IIS.
IIS 6.0 has been extensively redesigned to improve reliability and availability, in particular the components involved in serving and managing the Web server. A new fault-tolerant architecture detects and restarts failed web-based applications, while a new request system reduces dropped user connections by queuing incoming user requests until a restarted web application is able to process them.
Table 1.1 lists the major reliability and availability improvements in IIS 6.0.
| Feature | Explanation |
|---|---|
| Application Pools | IIS 6.0 introduces web application pools. Websites (and web applications... |