CYA: Securing IIS 6.0: Cover Your A** By Getting It Right the First Time

Chapter 5: Advanced Web Server Security Configuration

In this Chapter

Now that you are familiar with core web security features in IIS 6.0 such as web service extensions and MIME map settings, we will examine other security options in IIS. We will take an in-depth look at the authentication mechanisms and how IIS user accounts are used. Additionally, we will look at some not-so-often-discussed configuration options that can protect your web applications.

  • Configuring Authentication

  • Configuring IIS User Accounts

  • Configuring URLScan

  • Configuring Your Server to Use SSL

  • Configuring URL Authorization with the Authorization Manager

  • Configuring Custom Error Messages

  • Securing Include Files

  • Disabling Parent Paths

  • Configuring IP Address, TCP Port and Host-Header Combinations

By the end of this chapter you should be familiar with all aspects of the IIS request processing cycle and how settings in IIS can be used to secure your application against various forms of attack. Additional material on the configuration options and their relationship to one another can be found online at www.syngress.com/solutions.
