CYA: Securing IIS 6.0: Cover Your A** By Getting It Right the First Time

Now that you are familiar with core web security features in IIS 6.0 such as web service extensions and MIME map settings, we will examine other security options in IIS. We will take an in-depth look at the authentication mechanisms and how IIS user accounts are used. Additionally, we will look at some not-so-often-discussed configuration options that can protect your web applications.

Configuring Authentication
Configuring IIS User Accounts
Configuring URLScan
Configuring Your Server to Use SSL
Configuring URL Authorization with the Authorization Manager
Configuring Custom Error Messages
Securing Include Files
Disabling Parent Paths
Configuring IP Address, TCP Port and Host-Header Combinations

By the end of this chapter, you should be familiar with all aspects of the IIS request processing cycle and how settings in IIS can be used to secure your application against various forms of attack. Additional material on the configuration options and their relationship to one another can be found online at www.syngress.com/solutions.