The defense of IIS Security (1)

Source: Internet
Author: User
Tags anonymous iis log range version access
iis| Security

Information Server IIS is the most powerful and popular application in the BackOffice family of products, and as with the entire BackOffice component, IIS is built around the Windows NT system. It runs as a set of services provided by Windows NT Server, allowing it to take advantage of the various software features of Windows NT.

However, ensuring that your data integrity remains a critical security issue that must be taken seriously. With its rich and powerful authentication, access control, and auditing capabilities, IIS can guarantee data integrity because it is based on a Windows NT server system. In addition, it supports Secure Sockets Layer SSL, which guarantees secure communications more confidentially by encrypting conversations between IIS and all browsers that support SSL.

Hackers know that most Web and FTP Web sites allow anonymous access. These sites are often incorrectly configured, so there are security vulnerabilities. Here's what you need to do to ensure that IIS makes your network and data completely immune to hacking.

First, using existing Windows NT security to protect IIS ISS from providing security through the Windows NT security model, the user accounts and groups defined in the Security Accounts Manager database will determine what they can do once the user is connected to the IIS machine. It is important that you not only check your existing account rights and permissions, but also restrict the account permissions and permission rights used for anonymous access.

All of the service programs that log IIS support a wide range of logging capabilities. Logging is important because it can be used to monitor suspicious activities to determine what should be retained and what should be canceled for capacity planning.

It is easy to start logging, and events for each service are recorded together in the same common file. To start logging, open IIS Maneger and double-click the server for which you want to start logging to display the Properties dialog box. Then click the Logging tab and a dialog box will pop up. The usage of the label is fairly straightforward, you simply click the Enable Logging option, and then you choose whether to log to a text file or to a SQL database and determine how often the log file is updated.

Tip When you first install the server, set the daily LOGGING (log) so that you can see the results every day. After a while, you can choose the most appropriate way to record.

Advanced option by clicking the Advanced tab of the Service Propertied dialog box, IIS also supports simple filtering. You can use the Advanced Options tab to restrict or allow access to Web servers for certain IP addresses. In the Advanced tab that pops up, activate by default all computer would be granted access (the default is that all computers will gain access) you can use the Add button to enter the range of specific IP addresses that should be denied access.

Alternatively, if you want to enforce strict security, you can choose by default all computer will to den access (all computers are denied access by default), and then determine the host table based on the IP address that should be able to access the machine. This is a powerful and valuable tool that helps ensure the safety of your site and should not be overlooked.

Ii. IIS Advanced Security performance as with Exchange Server, Internet Information servers provide advanced security performance and make your communication absolutely secure. They consist of SSL (Secure Sockets Layer) version 2.0 and version 3.0 as well as PCT (Secure communications Technology) 1.0. SSL allows data encryption, server authentication, and message integration for TCP/IP traffic



Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.