IN THIS CHAPTER
• Unlocking the IIS 6 Server
• Passport.NET Authentication
• Setting the identity of Worker Processes
IIS has a rather unfortunate reputation of being relatively insecure. This is largely due to a number of relatively high-profile attacks on the IIS platform. In recent years, the most famous of these was the NIMDA worm and the Code Red worm before it, which spread through a vulnerability in the IIS code.
The worm spread very quickly for two reasons. First, IIS was installed and enabled by default on Windows 2000, and was a frequently installed component of Windows NT 4.0 through the Option Pack even if IIS wasn't required. This meant that in many cases, computers that weren't even acting ...