Shulou(Shulou.com)06/01 Report--

How to understand the security of IIS, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain for you in detail, people with this need can come to learn, I hope you can gain something.

The information server IIS is the most powerful and popular application in the BACKOFFICE series. Like the whole BACKOFFICE component, IIS is also generated around the WINDOWS NT system. It runs as a set of services provided by WINDOWS NT SERVER, allowing it to take advantage of the software features of WINDOWS NT.

However, ensuring the integrity of your data is still a key security issue that must be taken seriously. IIS can ensure the integrity of data by virtue of its rich and powerful authentication, access control and audit functions, because it is based on WINDOWS NT SERVER. In addition, it supports the secure plug-in layer SSL, which makes secure communications more confidential by encrypting conversations between IIS and all browsers that support SSL.

Hackers know that most WEB and FTP sites allow anonymous access. These sites are often misconfigured so that there are security vulnerabilities. Here are some measures that need to be taken to ensure that IIS completely protects your network and data from hackers.

First, use the existing security features of WINDOWS NT to protect IIS.

ISS provides security through the WINDOWS NT security model, that is, the user accounts and groups defined in the Security account Manager database determine what users can do once they connect to the IIS machine. It is important that you not only check your existing account permissions and permissions, but also restrict the account permissions and permissions used for anonymous access.

All services for recording IIS support a wide range of recording capabilities. Recording is important because it can be used to monitor suspicious activity to determine what should be retained and what should be cancelled for capacity planning.

It is easy to start logging, and events for each service are recorded together in the same common file. To start logging, open IIS MANEGER, double-click the server where you want to start logging, and display the PROPERTIES dialog box. Then click the LOGGING tab, and a dialog box will pop up. The use of this tag is quite straightforward, you just click the ENABLE LOGGING option, then you choose whether to log to a text file or to the SQL database, and determine how often the log file is updated.

Tip: when you install the server for the first time, set it to DAILY LOGGING so you can see the results every day. After a period of time, you will choose the most appropriate way to record.

The ADVANCED option IIS also supports simple filtering by clicking the ADVANCED tab of the SERVICE PROPERTIED dialog box. You can use the ADVANCED OPTIONS tag to restrict or allow certain IP addresses to access the WEB server. In the pop-up ADVANCED tag, activate By default all computer will be granted Access (by default, all computers will be given access) you can use the add button to enter certain IP address ranges that should be denied access.

Or, if you want to enforce strict security, you can choose By Default all computer will be den Access (by default, all computers will be denied access), and then determine the host table based on the IP address that should be able to access the machine. This is a powerful and valuable tool that helps ensure the security of your website, so it should not be ignored.

Second, IIS Advanced security performance is the same as Exchange Server, Internet information server provides Advanced security performance, so that your communication is absolutely secure. They are made up of SSL (secure plug-in layer) versions 2.0 and 3.0 and PCT (secure Communication Technology) 1.0. SSL provides data encryption, server authentication and mail integration for TCP/IP communications.

Secure plug-in layer (SSL) is a protocol developed by Netscape Communications and submitted to the World wide Web Consortium (W3C) as a standard to ensure the security of Internet communications. When a client that supports SSL (Internet EXPlorer2.0 and 3.x and Netscape 3.x) connects to a server that supports SSL, a "signalling handover relationship" occurs during the TCP/IP connection to verify which level of security will be implemented in the communication.

After the connection is established, the SSL then encrypts and decrypts the data that flows through the application protocol in use. All request and response information should be encrypted, including the uniform Resource Locator (URL) requested by the client, other forms of data (such as your address or food card number), any authentication information (username and password), and all data returned to the client by the server.

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.