iis| Security for IIS services, whether the WWW site, FPT site, or NNPT, smpt services, and so on have their own listening and receiving browser requests of the TCP port number (Post), the commonly used port number is: www is 80,fpt is the 21,smpt is 25, You can improve the security of your IIS server by modifying the port number. If you modify the port settings, only users who know the port number can access it, but the user needs to specify a new port number when accessing it.
Security for 7.IP forwarding
The IIS service provides forwarding of IP packets, at which point the IIS server acting as a router will forward the IP packets received from the Internet interface to the intranet, disabling this feature will increase the security of the IIS service. Set the method as follows:
Select Start menu → programs → Microsoft InternetServer (public) → Internet Services Manager → start Microsoft Internet service manager→ Double-click WWW Start the WWW service Properties page → Select the protocols tab → remove routing in TCP/IP properties.
8.SSL security mechanism
SSL (Cryptographic Sockets Layer) is located between the HTPT layer and the TCP layer, establishes the encrypted communication between the user and the server, and ensures the security of the information transmission. SSL works on the basis of public and private keys. Any user can obtain a public key to encrypt the data, but the decryption data must pass the corresponding private key. When using the SSL security mechanism, first, the client and the server to establish a connection, the server to its digital certificate and public key one concurrent to the client, the client randomly generated session key, with the public key from the server to encrypt the session key, and the session key on the network passed to the server, The session key can only be decrypted with a private key on the server side, thus creating a unique secure channel on both the client and server side. The specific settings are as follows:
Select Start menu → programs → Microsoft Internet Server (public) → Internet Services Manager → start Microsoft Internet service manager→ Double click WWW Start WWW Service Properties page → Select Directory security tab → Click the Key Manager button → generate key file through Key Manager and request files → apply for a certificate from the authentication permission → Install the certificate on the server through the Key Manager → Activate the SSL security for the Web site.
Once SSL security is established, only SSL-enabled customers can communicate with SSL-allowed Web sites, and when using a URL resource Locator, note that the input is "htpts://" rather than "htpt://".
The implementation of SSL security mechanism will increase system overhead and increase the additional burden on the server CPU, which will reduce the system performance to some extent. The author recommends that you consider using SSL security only for highly sensitive web directories when planning your network. In addition, SSL clients need to use IE version 3.0 and above to use.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.