Chapter 9: Adding Windows NT and Internet Information Server

IS 4506
Windows NTFS and IIS
Security Features
Overview

Windows NTFS Server security

Internet Information Server security features

Securing communication with IIS

Configuring SSL

Digital Certificates
Windows 2000 Server Security Recommendations

Securing User Accounts and Groups

Allow anonymous access with Internet guest account

Require users to choose difficult passwords

Limit administrator accounts

Applying Strict Account Policies

Securing Resource Access - NTFS Permissions

IIS Security Checklist
(Page 134)
File
Systems
Operations
Access
Permissions
NTFS Permissions (Page 134)
Five standard types of permissions:

Full Control

No Access

Read

Change

Special Access
Other Windows NTFS Security Measures

Limit the number of protocols the network adapter cards use.

Use the Bindings tab in the Network Program in Control Panel to unbind any unnecessary services or protocols.

Turn off the Windows NT Server Service on the IIS Server to prevent users from viewing shares.

Use NT Filtering
Access Control with IIS

Web access control

IP access and domain name restrictions

Anonymous access and authentication control

Authentication methods

Web Server permissions for files and directories

NTFS permissions
Security Requirements for Internet Servers

Authentication of users

Resource access control

Encrypted communication

Auditing and logging
Web Server Permissions for Files and Directories
Authentication Methods
Anonymous Access and Authentication Control

Anonymous Access has user-applied restrictions

Authentication Control denies access and then queries the user for authentication
[Figure: authentication dialog prompting for Name and Password]
IP Access and Domain Name Restrictions
Web Access Control

1. Web server receives request.

2. IP address permitted? If no, access denied.

3. User permitted? If no, access denied.

4. Web server permissions allow access? If no, access denied.

5. NTFS permissions allow access? If no, access denied.

6. If yes at every step, access granted.
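
The check order in the Web Access Control flow above, as an added Python model (not IIS code and not part of the original slides). The addresses, account names, paths and permission tables are constructed for illustration; the function reports which gate denied a request, which is the detail an audit log needs.

```python
# Added illustration: models the four-gate check order; this is not IIS code.
# Addresses, accounts, paths and permission tables are constructed samples.
from ipaddress import ip_address, ip_network

DENIED_NETWORKS = [ip_network("203.0.113.0/24")]   # IP access restriction
ALLOWED_USERS = {"IUSR_WEB", "alice"}              # guest account + one named user
WEB_PERMS = {                                      # web server permissions per directory
    "/public": {"read"},
    "/reports": {"read"},
    "/upload": {"read", "write"},
}
NTFS_ACL = {                                       # NTFS permissions per directory and account
    "/public": {"IUSR_WEB": {"read"}, "alice": {"read"}},
    "/reports": {"alice": {"read"}},
    "/upload": {"alice": {"read"}},
}

def check_access(client_ip, user, path, action):
    """Return (granted, stage); stage names the gate that made the decision."""
    addr = ip_address(client_ip)
    if any(addr in net for net in DENIED_NETWORKS):
        return False, "ip"
    if user not in ALLOWED_USERS:
        return False, "user"
    if action not in WEB_PERMS.get(path, set()):
        return False, "web"
    if action not in NTFS_ACL.get(path, {}).get(user, set()):
        return False, "ntfs"
    return True, "granted"

def audit_line(client_ip, user, path, action):
    """Format one audit record so a denial shows where it happened."""
    granted, stage = check_access(client_ip, user, path, action)
    verdict = "GRANTED" if granted else "DENIED at " + stage
    return f"{client_ip} {user} {action} {path} -> {verdict}"

if __name__ == "__main__":
    requests = [  # constructed sample requests
        ("198.51.100.7", "IUSR_WEB", "/public", "read"),
        ("203.0.113.9", "alice", "/public", "read"),
        ("198.51.100.7", "alice", "/upload", "write"),
        ("198.51.100.7", "IUSR_WEB", "/reports", "read"),
    ]
    for req in requests:
        print(audit_line(*req))
```

The last two sample requests pass the web server permission check and are still denied, because the NTFS permissions for that account do not include the requested action.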
Review

Windows NT Server security recommendations

Security requirements for Internet servers

Access control with IIS

Securing communication with IIS
Lab 9: Restricting Access to a Web Site
Review

Windows 2000 Server security recommendations

Security requirements for Internet servers

Access control with IIS

Securing communication with IIS