Site Security | Programming Microsoft Visual InterDev 6.0

Site security restricts access to authorized users. You can take many different approaches to site security, and each has its advantages and disadvantages. In addition to the standard security options provided by a Web server such as Microsoft Internet Information Server (IIS), you can also add a software or hardware firewall system for additional security. Additionally, you can install a proxy server or other solution on top of the Web server and firewall system. The options are rapidly increasing as developers learn more about how people use the Web.

IP Filtering

IIS lets you filter based on the IP address. IP filtering is easily compromised once you obtain a valid IP address. Since the IP address is passed in an unencrypted form across both the Internet and private networks, it doesn't provide true security.

Figure 22-1 shows the dialog box that appears when you choose to edit IP Address And Domain Name Restrictions on the Directory Security tab in the Default Web Site Properties dialog box within the Microsoft Management Console (MMC). This dialog box lets you change the IP address access to IIS.

click to view at full size.

Figure 22-1. The Microsoft Management Console (Internet Information Server) provides tools for filtering on either the IP address or DNS domain.

NOTE
IIS 4.0 provides much more fine-grained security than the IIS 3.0 Web server. A security tab within the Properties dialog box is present at several levels within the Internet Information Server snap-in in MMC. You can specify security settings at the directory level or file level by clicking on the appropriate node within the MMC, choosing Properties, and then choosing the relevant Security tab.

If you deny all other computers access to your Web server, you must enter the IP address of all computers that can access the Web server. To do this, click the Add button and enter the IP addresses in the Grant Access On dialog box shown in Figure 22-2. Or click the DNS Lookup button next to the IP address textbox, and IIS will prompt you for a domain name. The domain must be valid and reachable because IIS checks it as soon as you click OK to close the dialog box.

Figure 22-2. The Grant Access On dialog box, used for granting IIS Web site access to IP addresses and/or domain names.

You can, of course, allow access to some computers and disallow access to certain others by entering their IP addresses or domain names.

Either of these methods will work for many sites, but neither is very secure. The IP address is passed in clear text across the network (the Internet or an intranet), making it relatively easy to obtain. For instance, users with a sniffer application can usually pull the IP addresses. Through a process known as "spoofing," a user can make his or her message appear to the server as if originating from a valid address.

Windows NT User Access Rights

Windows NT provides flexible, industrial-strength security. Windows NT security is based on user IDs, passwords, and a robust challenge-and-response protocol that verifies user rights across a network without divulging any information that might compromise security. If your network is based on Microsoft Windows 95, Windows 98, or Windows NT and you use only an intranet, you have many options. You can actually meet your security needs by relying solely on Windows NT security features.

Each user account can be a member of one or more groups. You can assign Web access rights to a group instead of assigning them to individual user accounts. For instance, you can have a group named HR Web Admin that contains all the user accounts that can administer the Human Resources Web. This simplifies administration because you don't need to assign rights individually. You place all users with similar needs into a group, and then you assign the necessary rights once to that group. When new users are added to a group, they have all the rights granted to that group. When users are removed from a group, they lose any rights granted solely by their membership in the group—that is, they lose any rights that were not granted to them individually or through membership in another group. (Users can belong to any number of groups and can have the maximum combined rights granted through their membership in those groups.)

You can also assign other types of security beyond Web security to user groups. You can assign file and directory permissions as well as other permissions to a group, and the users of that group will have that level of access. The section titled "NTFS Permissions" later in this chapter provides more information on file and directory permissions.

Windows NT user access rights are checked whenever users try to access an IIS-hosted Web site. This is a powerful mechanism for controlling access to a site. Each time a user accesses any file or directory on the Windows NT system, that person's access to that object is verified.

Figure 22-3 shows the types of password authentication that the site administrator can select—Allow Anonymous Access, Basic Authentication (Password Is Sent In Clear Text), and Windows NT Challenge/Response.

Figure 22-3. The level of password authentication is set within the Authentication Methods dialog box within the Microsoft Management Console.

Selecting Allow Anonymous Access lets anyone connect to the site. When a user tries to access the site, IIS uses the user name and password from the Anonymous Logon frame. The Anonymous User account is created automatically during IIS installation. The user name is in the form IUSR_servername, where IUSR stands for Internet User and servername is the name of the server on which IIS is installed. The password is pseudorandomly generated.

If the Windows NT Challenge/Response check box is the only one selected, access is limited to Microsoft Windows 95/Windows 98 and Windows NT clients. This is because a portion of the Challenge/Response protocol is implemented by code contained only in those operating systems. This is a very secure option because the password is never sent over the network. Rather, the server sends a request for information to the client that can be answered only if the client knows the password. Using the password, the client calculates the answer to the server's question and sends back only the answer—not the password. (The answer is even encrypted.) Each time the server confirms the client's authenticity, it uses a new question so that a previously captured answer cannot simply be played back. The Basic (Clear Text) option lets browsers on any operating system pass a user name and password to IIS. The Challenge/Response mechanism unique to Windows 95/Windows 98 and Windows NT is not used; the information is passed unencrypted. This provides minimal security because someone could easily extract the plain text user name and password from network data.

FrontPage Server Extensions Permissions

The FrontPage Server Extensions add another level of security to your IIS site. Each Web application you create with Visual InterDev has the FrontPage directory and file structure automatically added to it. This lets the FrontPage Server Extensions provide enhanced security for the site. The extensions use Windows NT users and groups in granting three types of rights to a Web site or application:

Browse Users can only browse content in the site.

Author Users can change, add, and delete content on an existing Visual InterDev or FrontPage site.

Administer Users can create, delete, and set permissions on sites.

Figure 22-4 shows the Groups tab of the Permissions dialog box—choose Web Project|Web Permissions… from the Visual InterDev Project menu—which lets an administrator assign access rights to Windows NT groups. (The FrontPage Server Extensions installation requests that you specify an administrator account.)

Figure 22-4. Access rights can be assigned by user or by group.

To ease the administrative burden, you can create Windows NT groups and use Windows NT to manage the users in each group. For instance, you can create groups named Web Authors, Web Administrators, and Web Browsers. Prefacing the group names with the word Web reduces the confusion with other Windows NT groups, especially the built-in Administrators group. If anonymous logon is permitted, you might not need the Web Browsers group.

By default, all sub-Webs created using the FrontPage Server Extensions (through FrontPage 98 or Visual InterDev) inherit their permissions from the root Web. To alter rights on only a sub-Web, take the following steps:

Select the project and make it the Active project.

Choose Web Project|Web Permissions from the Visual InterDev Project menu to display the Permissions dialog box.

On the Settings tab, select the Use Unique Permissions For This Web Application option.

Click the Apply button to activate unique permissions for this site.

Click the Users tab or the Groups tab to show the current security for this project.

Click the Add button to add a new user or group to the Access Control List (ACL) for this project.

In the Add Groups dialog box (shown in Figure 22-5), select the users or groups.

Figure 22-5. The Add Groups dialog box lets you select users or groups to add to the list of authorized users or groups for a project.

NOTE
The Web Project|Web Permissions… menu item under the Visual InterDev Project menu is available only if your Web project resides on an NTFS partition. If you are running your Web root under the FAT file system, are running Windows NT, and wish to convert to NTFS, you can do so by running the CONVERT program from the DOS Prompt. The CONVERT program converts FAT volumes to NTFS and has the following syntax,
 CONVERT drive: /FS:NTFS [/V] 
where

drive specifies the drive to convert to NTFS. Note that you cannot convert the current drive.

/FS:NTFS specifies to convert the volume to NTFS.

[/V] specifies that Convert should be run in verbose mode.

To check the file system of your drives, you can choose Start|Programs|Administrative Tools (Common)|Disk Administrator. The Disk Administrator will tell you the format for each volume (logical drive) on your machine.

Connecting to a Proxy Server

A new feature in Visual InterDev 6.0 allows you to specify the settings for proxy servers. You can either have Visual InterDev use the same proxy server as the operating system or you can specify a particular proxy server just for your Web project.

Figure 22-6 shows the Options dialog box with the Web Proxy Settings displayed in the right-hand pane.

Figure 22-6. The Options dialog box within Visual InterDev showing the Web Proxy Settings.

Specifying the proxy server is useful when you are developing against a Web server that is outside of your corporate firewall on the Internet. Using the proxy can help to get you outside your intranet and onto the development Web server on the Internet.

To use the same proxy server as the operating system, simply check the Use System Settings check box. To use other customized settings, uncheck the Use System Settings check box and enter the name of the proxy server to use in the HTTP Proxy text box. Next enter the IP addresses of any hosts that should not use the proxy server in the List Of Hosts Without Proxy text box.

If you want all local IP addresses on your intranet to be accessed without using the proxy server you have just entered, check the Do Not Use Proxy Server For Local (Intranet) Addresses check box.

NTFS Permissions

The Windows NT File System (NTFS) supports the concept of user permissions through an Access Control List (ACL). The ACL contains information on which users and groups have permissions for specific files and directories.

Any member of the Windows NT Administrators group can modify the ACL for any file or directory. (It might be necessary to take ownership of that object first.) Removing the Anonymous User account from the ACL for a file or directory means that anyone trying to access that file is prompted for a valid Windows NT user name and password. If the user supplies a proper user name and password, the user is granted access; otherwise, access is denied.