In Part I of the series we dealt with the installation of the IIS service whilst Part II covered issues related to configuring an IIS Server to handle encrypted connections. Until now, we used Internet Services Manager, a standard administration tool, to introduce changes in the IIS configuration settings. Part III is concerned with some new administration methods allowing one to modify IIS configuration settings that were previously unavailable.
The previous article showed you how to install, configure and, finally, how to connect your new Web Server to the Internet. Now you may be sure that the server runs securely. You have subscribed to Microsoft security bulletins not to omit any important patches. All you have to do now is to rest on your laurels. Are you sure about that?
IIS, an acronym for Internet Information Services is a web application server program that handles HTTP requests, ranking second in popularity (after Apache). Its popularity is mainly due to the fact that IIS sites are so easy to implement – just a few mouse-clicks away – from a total disaster.
Microsoft SQL servers are one of the favorite targets for Internet hackers, primarily because of the activity of worms (e.g. SQL Spida, Slammer) spreading through this service, secondly because the access to unsecured, however Internet-connected SQL servers is quite easy. In this article I would like to describe the rules for safeguarding the Microsoft SQL Server service to help you, dear readers, prevent yourselves from the consequences of possible attacks.