Chapter 7: Managing Web Server Security
|
Overview
In this chapter you’ll learn how to manage Web server security. Web servers have different security considerations from those of standard Microsoft Windows servers. On a Web server you have two levels of security:
-
Windows security At the operating system level, you create user and group accounts, configure access permissions for files and directories, and set policies.
-
IIS security At the level of Internet Information Services (IIS), you set content permissions, authentication controls, and operator privileges.
Windows security and IIS security can be completely integrated. The integrated security model allows you to use authentication based on user and group membership as well as standard Internet-based authentication. It also allows you to use a layered permission model to determine access rights and permissions for content. Before users can access files and directories, you must ensure that the appropriate users and groups have access at the operating system level. Then you must set IIS security permissions that grant permissions for content that IIS controls.
You’ll use the security discussion in this chapter as a stepping-stone to later discussions that cover security for other IIS resources, including File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), and Network News Transfer Protocol (NNTP). Later discussions focus on what’s different rather than rehashing what’s already been discussed in this chapter.
|
