Configuring Security

Author: pharr

Published on November 14, 2007 by pharr

Updated on January 29, 2009 by pharr


In This Section

IIS7 Security Improvements

Introduction This article contains the following: Reduced Surface Area Simplified Security Management New Security Enhancements Reduced Surface Area IIS 6.0 introduced the lockdown by default approach. This was a significant shift from previous versions of ...

Configuring One-to-One Client Certificate Mappings

Background IIS 6 had a User Interface to configure and map one-to-one certificates for authentication. It allowed users to select the validation client certificate and assign the authorized user credentials. There isn't a similar UI in IIS 7. This walkthrough ...

Using Dynamic IP Restrictions

Introduction The Dynamic IP Restrictions for IIS 7.0 is a module that provides protection against denial of service and brute force attacks on web server and web sites. Such protection is provided by temporarily blocking IP addresses of the HTTP clients who ...

Securing Content in IIS through File System ACLs

1 Describing ACLs ACL stands for Access Control List, and is a list of permissions associated with an object. Each of these permission entries is called an ACE (Access Control Entry) which contains permissions associated with a particular object for a particular ...

Application Pool Identities

Introduction IIS introduces a new security feature in Service Pack 2 of Windows Server 2008 and Windows Vista. It's called Application Pool Identities. Application Pool Identities allows you to run Application Pools under a unique account without having to create ...

Understanding the Built-In User and Group Accounts in IIS 7.0

Introduction In previous versions of IIS, we had a local account created at install time called IUSR_MachineName. The IUSR_MachineName account was the default identity used by IIS whenever anonymous authentication was enabled. This was used by both the FTP ...

Using Encryption to Protect Passwords

Introduction This document provides an overview of the steps required for setting both application pool and worker process isolation for IIS 7.0 servers. Application pool isolation entails protecting data that WAS (the IIS 7.0 local system process) needs to ...

Understanding IIS 7.0 URL Authorization

Introduction Authorization was difficult in previous versions of IIS. Because IIS only worked with Windows identities, you had to go to the file system and set Access Control Lists on files and directories. This was tedious because the ACL UI is complex and ...

How to Use Request Filtering

Introduction URLScan, a security tool, was provided as an add-on to earlier versions of IIS so administrators could enforce tighter security policies on their web servers. Within IIS 7.0, the IIS team has incorporated all the core features of URLScan into a module ...

Using Enhanced Request Filtering Features in IIS7

This article provides a list of common usage scenarios for enhanced Request Filtering features, which is shipped with Windows Server 2003 SP2 or can be downloaded from http://www.microsoft.com/downloads/ for Windows Server 2008 RTM. In the absence of a corresponding ...

Configuring SSL in IIS Manager

Enabling powerful SSL security to protect your Web applications is simpler to set up with IIS Manager and easier to deploy with self-signed certificates in IIS 7.0. This tutorial covers adding self-signed certificates, creating certificates with a Certificate ...

How to Setup SSL on IIS 7.0

Introduction The high-level steps for configuring SSL are the same in IIS 7.0 and IIS 6.0: Get an appropriate certificate. Create an HTTPS binding on a site. Test by making a request to the site. Optionally configure SSL options, e.g. making SSL a requirement ...

How to Use Locking in IIS 7.0 Configuration

Abstract This document explains how to lock and unlock configuration on the server. You will learn what settings the application-level configuration files can override and how to use the <location> element to lock entire sections. You will experiment with ...

Using URLScan
