Chapter 12
Web Service Security
About This Chapter
Web servers, which have become as ubiquitous in private networks as they are on the Internet, are used for so many different purposes that no single security method is appropriate for all of them. Because a Web server must be available to a large number of clients whose identities might not be known, configuring it for maximum security in its specific environment (such as on the Internet or as an intranet or extranet server) is vital.
Microsoft Windows 2000 Server includes Internet Information Services (IIS), a set of services that enables a Windows 2000 server to function as a Web server. IIS supports a number of security features, including basic user authentication, certificates, and Secure Sockets Layer (SSL) encryption. By configuring these security features correctly, you can make your Web servers as secure as possible.
Before You Begin
To complete this chapter, you must have
A domain controller for the domain.fabrikam.com domain
An enterprise or standalone certificate authority as configured in Chapter 5, "Certificate Authorities"
A Windows 2000 Server computer running IIS
A Windows 2000 or Microsoft Windows XP client computer on the domain
A Web browser that supports SSL connections
IIS is installed by default on Windows 2000 Server. If the computer was upgraded from an earlier operating system, you might need to install IIS separately.