You can control which users and computers can access your Web server and its resources. There are two main types of access control: NTFS permissions, which are controlled by the operating system, and Web site permissions, which are controlled by IIS. To help secure your Web server, you should use a defense-in-depth strategy, combining proper authentication methods with tools such as firewalls and the appropriate NTFS permissions and Web site permissions. IIS built-in accounts and features, such as URL authorization, help you control access to resources on multiple levels, from entire Web and FTP sites to individual files or specific URLs.