Internet Information Services (IIS) is a group of Internet services
for Windows servers (including a Web or Hypertext Transfer Protocol
server and a File Transfer Protocol server) with additional
capabilities for Microsoft Windows NT and Windows 2000 server
operating systems. As a Web-facing server, IIS is susceptible to a
wide variety of attack methods.
A standard Web server is vulnerable to the same variety of
attacks to an even larger degree. Every computer that needs to
access the Web must have a Web server and this type of connectivity
leaves it open to attack from everybody -- from your average Joe
user to the world's most clever hackers.
Check out these five tips to learn how to protect your Windows
network from the inherent security risks that users of Internet
Information Services and Web servers face every day.
IIS security: Configure Web server permissions for better access
control
Updating user access controls as business portfolios expand can
help protect confidential data. Learn how to secure user access
controls and keep your greatest asset under lock and key by
configuring IIS Web server permissions. SearchSecurity expert
Michael Cobb tells you how.
Internet Information Services Security Journal
IIS still may not be the most secure Web server on the market, but
with some careful configurations you can lock down IIS against most
attacks. Learn how to secure IIS and its many related services in
this IIS security journal.
Keeping your IIS server secure
Don't allow your IIS file server to remain vulnerable. Be proactive
and learn how to better secure it while running Windows Server
2003.
SQL Server security: Lock it down with 10 IIS tips
Harden SQL Server security with these 10 Internet Information
Server tips by Kevin Beaver, CISSP.
Step-by-Step Guide: Securing Web servers
So much business is done on the Internet that Web server security
is critical to overall security. This guide shows you how to
configure a Web server for security and how to test your
deployment.