Your Windows 2000/internet information Server (IIS) 5.0 Web site has been set up, ready to start running, only to find it plagued by security vulnerabilities. Security vulnerabilities can of course be remedied, but that depends on how you deal with them. If a malicious hacker has not yet found the unseen cracks, this does not mean that you can rest easy. They may just have not found your site yet.
So, how can the most advanced operating system and Web server software be so imperfect? That is not the case. There are many security breaches that are attributable to the functionality that Microsoft provides in IIS. If these attributes are noted with proper attention, they will allow for the use of customization (the application of the system) and be more flexible in execution. But when they are ignored, misunderstood, or incorrectly used, they become vulnerable to attack.
The impact of these weaknesses can be very significant. One of these allows intruders to fully access the archived file systems that are stored online. Another source code that allows intruders to see Active Server Pages (ASP). There is also a permit for intruders to execute operating system commands on a network server.
This may seem like a problem with IIS, which does not mean that other network servers can provide more stringent security than IIS. Robichaux & Associates Security advisor and Microsoft Technet columnist Paul Robichaux said that the Windows 2000 series network servers are no more vulnerable than other servers, and almost all servers Have their own security vulnerabilities.
The famous are tired of being blamed
Carnegie-mellon University's CERT coordination Center is a highly pointer web site dedicated to improving network security and security issues on the web. This web site is a topic of security vulnerabilities that plague all Web servers and related products.
Ironically, visibility may be the reason why IIS 5.0 is more likely to expose security vulnerabilities than other servers such as Apache. It looks like IIS is the flagship of Microsoft's network, and its popularity is enough to attract the attention of many hackers.
So the bad news is that if you simply execute IIS, the chances of being targeted by hackers are greater. The good news is that if you fully understand IIS and take appropriate safeguards, you can effectively prevent hackers from invading. But Robichaux warns that patching security holes is not as simple as pressing a button labeled "safe", and that protecting your site requires new techniques and tools.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
