General discussion

  • Creator
  • #2297700

    Lock down IIS Web servers


    by debate ·

    What security problems have you encountered with Microsoft Internet Information Services (IIS)? What tips do you recommend for securing IIS Web servers during installation? Share your thoughts about securing IIS Web servers, as discussed in the Dec. 19 Security Solutions e-newsletter.

    If you haven’t subscribed to our free Security Solutions e-newsletter, sign up today!

All Comments

  • Author
    • #2671014

      lock down IIS server

      by dieudonne dominique ·

      In reply to Lock down IIS Web servers

      What’s the point not to put a IIS server in a domain if the web pages are NTlogin protected?
      Duplicating thousands of logins from a domain server to a standalone web server and making sure these logins are always updated is not that simple.

      • #2671514

        IIS domain

        by mike mullins ·

        In reply to lock down IIS server

        Web servers are public by nature, high priority targets and frequent points of entry into domains. Rather than making them member servers and exposing your entire domain to a hack through a web server.

        A more secure method is to authenticate users from a certificate that you issue. If a certificate get’s compromised. You can revoke and reissue without compromising your entire network. Also, if you have several public webservers. Put them in their own domain and use a one way trust to authenticate.

Viewing 0 reply threads