March 2008
Intermediate to advanced
838 pages
23h 16m
English
book
Professional IIS 7.0
by Ken Schaefer, Jeff Cochran, Scott Forsyth, Rob Baugh, Mike Everest, Dennis Glendenning
Content preview from Professional IIS 7.0Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Chapter 13. Securing the Server
"We have just installed Application X onto IIS and would like to know what steps we need to take to make IIS secure." This is one of the most common questions faced in the security arena, and this hasn't changed from when IIS ran on NT to the present day. The question, however, presupposes that there is some set of discrete steps that can be undertaken to secure IIS, and that there is some finite end point that can be described as "secure."
Certainly there are a lot of products and organizations that claim to make your server secure or secure your application or secure your organization. As a security implementer (or even just someone with a dilettante interest), to what extent should you place credence in such claims?
This introductory chapter on security covers the following topics:
The basic principles of network and computer security.
New or improved technologies in Windows Server 2008 that can enhance your overall network security.
Configuring IIS 7.0 to enhance the security of your web server.
Additional items (such as application layer security) that you will need to consider when evaluating overall environmental security.
Beyond this chapter, the next two chapters delve into more specific security areas. Chapter 14 deals with Authentication and Authorization, and Chapter 15 deals with SSL and TLS. These chapters should be read together to get a good understanding of the security technologies and infrastructure that are most important when managing ...