Security is an extremely important aspect of your Web site. Securing a CMS site means preventing unauthorized access to the site while allowing authorized access. CMS site security is not something to be taken lightly; securing the CMS environment takes time and requires planning because there are multiple layers and variables to consider. CMS page processing involves IIS, ASP.NET, the CMS content server, and the CMS database. This means that, in addition to internal CMS security mechanisms, CMS uses the security of these technologies. Depending on whether your site is internal or external as well as on your selected model for CMS site security and your company security policy, the settings you need to configure will be different.
In this chapter, we will look into the different options that may be used for securing a CMS installation and then go through the security settings for different CMS scenarios, including CMS intranet, Internet, and extranet sites.