RE: How secure are virtual folders on IIS server
From: Michael Laing (mdonlinelaing@microsoft.com)
Date: 08/14/02
- Next message: GuoZhenying: "Re: Get Client Certificate on non-English System Locale Server"
- Previous message: R. Walls: "How to request renew of certificate for IIS 4.0"
- In reply to: Dinesh: "How secure are virtual folders on IIS server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: mdonlinelaing@microsoft.com (Michael Laing) Date: Wed, 14 Aug 2002 17:18:44 GMT
Hi Dinesh,
A virtual directory in IIS can be as secure as you want to make it. It
really depends on what the purpose of the folder is and how much access you
want to grant to it. When securing virtual containers in IIS, remember
that you will have to set NTFS permissions on the physical folder that the
virtual directory maps to, as well as setting the Authentication method for
the directory in the IIS Services Manager.
Below are some article references that will be a good place for you to
start when thinking about securing IIS.
1) First, restrict the NTFS permissions on the physical folder as much as
you see fit. This article explains the minimum NTFS permissions needed for
IIS:
http://support.microsoft.com/default.aspx?scid=kb;en-us;q187506
2) In IIS, set an appropriate Authentication method. For example, if you
don't want to allow just anyone to have access to the directory, do not
allow Anonymous Access. This article discusses the different
Authentication methods in IIS:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q158229
3) Secure your site with SSL:
http://support.microsoft.com/default.aspx?scid=kb;en-us;q324069
4) Enforce further security at the global level by using the IIS Lockdown
tool:
http://support.microsoft.com/default.aspx?scid=kb;en-us;q325864
I hope this helps!
Michael Laing
Microsoft Developer Support
Internet Information Server
***********************
>>Please do not send email directly to this alias. This is an online
account name for newsgroup participation only.<<
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.
© 2002 Microsoft Corporation. All rights reserved.
***********************
--------------------
| Content-Class: urn:content-classes:message
| From: "Dinesh" <VNDDMittal@ikon.com>
| Sender: "Dinesh" <VNDDMittal@ikon.com>
| Subject: How secure are virtual folders on IIS server
| Date: Tue, 13 Aug 2002 08:29:38 -0700
| Lines: 10
| Message-ID: <2bb801c242de$3ca47920$9ae62ecf@tkmsftngxa02>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Thread-Index: AcJC3jykLv7F0NFOSj6XuepKyLsnsQ==
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Newsgroups: microsoft.public.inetserver.iis.security
| NNTP-Posting-Host: TKMSFTNGXA02 10.201.232.161
| Path: cpmsftngxa06!cpmsftngxa10
| Xref: cpmsftngxa06 microsoft.public.inetserver.iis.security:9303
| X-Tomcat-NG: microsoft.public.inetserver.iis.security
|
| Hi,
| Can anybody tell me that how secure are virtual folder
| on an IIS web server ???
| And what extra settings are required for virtual folders
| to be secure.
|
| Thankx in advance,
|
| Regards,
| Dinesh
|
- Next message: GuoZhenying: "Re: Get Client Certificate on non-English System Locale Server"
- Previous message: R. Walls: "How to request renew of certificate for IIS 4.0"
- In reply to: Dinesh: "How secure are virtual folders on IIS server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
