Re: IIS 6 Integrated Security....risks??


"Roberto López" <rlopez@xxxxxxxxxxxxxxxx> wrote in message news:uqen02bMIHA.5160@xxxxxxxxxxxxxxxxxxxxxxx
Hello,
My first concern is to ensure that the domain server and all data on it is
sure.

Integrated Windows Authentication does not secure your server, or the data on it.

And the user names and passwords are secured.

Windows already stores usernames and passwords securely. You need to protect these "in transit", and also to ensure that user's do not disclose them to others

We do not want users to have to write name and password a lot of times.

Write it where? You mean enter them?

And
we do not want that users have many different names and passwords to
remember.

So, you need a single authentication store - something like Active Directory. IWA doesn't help with this per se, because other authentication mechanisms (like Basic or Digest Auth) can also use AD acconts.


The data that is being passed on those web pages needs to be protected too.
I think I need SSL to this?

Yes - SSL/TLS is one technology you can use for this. Or IPSec is another.

Cheers
Ken

.

Relevant Pages

  • Re: How can I restore from a secured backup?
    ... of domain server and domain-joined computers)? ... I do not define backups as being unsecured because I ... hallways and around the exterior of the building with all exterior doors ... I call that secure,...and I didn't secure it with a "computer". ...
    (microsoft.public.windows.server.general)
  • Integration with Excel 2003
    ... Tried a couple of things based on posts on this site ... Ensured that there is no anonymous access to the site ... Also the site uses Integrated Windows authentication with a WiNNT based domain server. ...
    (microsoft.public.sharepoint.portalserver)