Seeking IIS v6 checklist and clarification on authentication



Hi all,

I need a checklist for hardening IIS, that is, Internet Information Services
v6. I have found several guides on IIS v5 but very little on v6. This brings
me to my next point. I have found an article or two that explain the
differences between IIS v5 and v6. One key difference was regarding
authentication. The IIS v5 checklist suggests that basic and direct
authentication should be disabled in IIS v5 since reversible encryption is
used, especially in direct authentication. Is this true? I believe this has
changed in IIS v6, but what is the change?

Pranav


