General discussion


Lock down IIS Web servers

By debate ·
What security problems have you encountered with Microsoft Internet Information Services (IIS)? What tips do you recommend for securing IIS Web servers during installation? Share your thoughts about securing IIS Web servers, as discussed in the Dec. 19 Security Solutions e-newsletter.

If you haven't subscribed to our free Security Solutions e-newsletter, sign up today!

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

lock down IIS server

by dieudonne dominique In reply to Lock down IIS Web servers

What's the point not to put a IIS server in a domain if the web pages are NTlogin protected?
Duplicating thousands of logins from a domain server to a standalone web server and making sure these logins are always updated is not that simple.

Collapse -

IIS domain

by Mike Mullins In reply to lock down IIS server

Web servers are public by nature, high priority targets and frequent points of entry into domains. Rather than making them member servers and exposing your entire domain to a hack through a web server.

A more secure method is to authenticate users from a certificate that you issue. If a certificate get's compromised. You can revoke and reissue without compromising your entire network. Also, if you have several public webservers. Put them in their own domain and use a one way trust to authenticate.

Related Discussions

Related Forums