Master advanced security configuration in Internet Information Server 6.0

Examine security options in Internet Information Server (IIS) in this sample chapter from CYA Securing IIS 6.0. Take an in-depth look at the authentication mechanisms and how IIS user accounts are used. Then, look at some infrequently discussed configuration options that can protect your Web applications. Chapter coverage includes:

• Configuring authentication
• Configuring IIS user accounts
• Configuring URLScan
• Configuring your server to use SSL
• Configuring URL authorization with the authorization manager
• Configuring custom error messages
• Securing include files
• Disabling parent paths
• Configuring IP address, TCP port, and host-header combinations

By the end of the chapter, you will be familiar with all aspects of the IIS request processing cycle and how settings in IIS can be used to secure your application against various forms of attack.

Title: CYA Securing IIS 6.0
ISBN: 1931836256
Published: April 2004
Authors: Bernard Cheah, Ken Schaefer, Chris Peiris
Chapter: Chapter 5: Advanced Web Server Security Configuration
Published by Syngress Publishing