Because NT systems are easy to maintain, more and more small and medium-sized enterprises are adopting IIS for their own web sites and internal office management systems, and many of them run IIS in its default configuration as their Web server. Admittedly, several recent threats to NT systems were caused by improper IIS configuration, and it is foreseeable that many new vulnerabilities and security issues will be found in IIS in the future. Still, with a reasonable security configuration, many security risks can be avoided. This article does not systematically cover how to configure IIS securely in full; it looks only at using SSL to encrypt the HTTP channel as a way to strengthen IIS security.
I. Establishing the SSL security mechanism
In addition to anonymous access, Basic authentication, and Windows NT Challenge/Response, IIS offers a more secure form of authentication that uses digital certificates through the SSL (Secure Sockets Layer) mechanism. SSL sits between the HTTP layer and the TCP layer and establishes encrypted communication between the user and the server, ensuring the security of the information passed between them. SSL is based on public and private keys: any user can obtain the public key and use it to encrypt data, but decrypting that data requires the corresponding private key. When the SSL mechanism is used, the client and the server first establish a connection, and the server sends its digital certificate together with its public key to the client. The client randomly generates a session key, encrypts it with the public key received from the server, and passes the encrypted session key over the network to the server. The session key can only be decrypted with the private key held on the server side, so the client and the server end up with a secure channel that is unique to them.
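The key exchange described above can be traced step by step in the following added example, which is not part of the original article. It assumes textbook RSA without padding over two small Mersenne primes and a SHA-256 counter keystream as a stand-in for the negotiated symmetric cipher; all function names and the sample request are constructed for illustration, and none of it is suitable for production use.

```python
import hashlib
import secrets

# Assumption: two Mersenne primes stand in for the server's RSA key (toy size, no padding).
P, Q, E = 2**89 - 1, 2**107 - 1, 65537


def server_keypair():
    """Return (public, private); the public half is what the certificate carries."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))
    return (n, E), (n, d)


def client_key_exchange(public):
    """Client: pick a random session key and encrypt it with the server's public key."""
    n, e = public
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return session_key, wrapped


def server_recover_key(private, wrapped):
    """Server: only the holder of the private key can unwrap the session key."""
    n, d = private
    return pow(wrapped, d, n).to_bytes(16, "big")


def stream_xor(session_key, data):
    """Stand-in symmetric cipher: XOR the data with a SHA-256 counter keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(session_key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def demo():
    public, private = server_keypair()                 # server -> client: certificate
    client_key, wrapped = client_key_exchange(public)  # client -> server: wrapped key
    server_key = server_recover_key(private, wrapped)
    request = b"POST /login HTTP/1.1\r\n\r\nuser=alice&password=constructed"
    on_the_wire = stream_xor(client_key, request)      # all a listener would capture
    return client_key == server_key, on_the_wire, stream_xor(server_key, on_the_wire)


if __name__ == "__main__":
    same_key, wire, received = demo()
    print("keys match:", same_key, "| wire:", wire.hex()[:32], "| server reads:", received)
```
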
Once SSL security is established, only SSL-enabled clients can communicate with Web sites that allow SSL, and the URL (Uniform Resource Locator) must be entered with https:// instead of http://.
Simply put, the HTTP protocol we use by default has no encryption: all messages cross the network in clear text, and a malicious attacker can install a listener to capture the communication between us and the server. The harm is particularly large inside some enterprise networks. An intranet built on hubs has essentially no security to speak of, because anyone can see other people's network activity from any computer on the network. On a network built with switches the threat is much smaller, but security gaps still occur often. For example, if the switch's default user name and password have not been changed, someone can log in to it, set their own network port as a listening port, and still monitor the activity of the entire network.
So fully encrypting the entire network transmission channel is really a good security measure. Unfortunately, there are not many articles on the network that deal specifically with configuring SSL on IIS, so I am sharing the experience from my own simple exploration.
II. Methods of operation
Taking the Windows 2000 Server edition as an example, we first need to install Certificate Services through Add/Remove Windows Components in the Control Panel. Certificate Services is not installed in a default installation, and installing it requires the installation CD.