Windows Server Security

How URL Authorization Increases Web Server Security

Web servers, by their very nature, are usually exposed to outsiders and thus are vulnerable to compromise and attack. Internet Information Services (IIS) version 6, included with Windows Server 2003, provides a number of new security features designed to increase web server security. One of these is URL authorization, which works in conjunction with Server 2003’s Authorization Manager. In this article, we’ll take a look at how URL authorization is implemented in IIS 6.0, the practicalities of using it in your web services environment, and how it enhances the security of your web sites and services.

Secure Architecture for an SQL / Web Server

There are many ways to hack a Web server. One cannot assume that database servers are unassailable fortresses. So what should one do if a Web server which derives data from a database needs to be made accessible? The most obvious answer to this question is to run like hell to a calmer job. Luckily there are other, more rational answers. This article attempts to show the reader how to find the answers.

IPv6: Windows Server 2003 Supports a More Secure IP – Sort of

When you think of version 6, the “next generation” of the Internet Protocol, your first thought is probably more available addresses. Indeed, the primary reason for developing a new version of IP was the anticipated critical shortage of addresses under the 32 bit addressing scheme of version 4. However, IPv6 provides for more than just an increase in the number of available addresses. It is also designed to provide for better performance and, even more important in today’s business world, better security of IP communications.

Installing and Securing IIS Servers (Part 3)

In Part I of the series we dealt with the installation of the IIS service whilst Part II covered issues related to configuring an IIS Server to handle encrypted connections. Until now, we used Internet Services Manager, a standard administration tool, to introduce changes in the IIS configuration settings. Part III is concerned with some new administration methods allowing one to modify IIS configuration settings that were previously unavailable.

Installing and Securing IIS Servers (Part 2)

The previous article showed you how to install, configure and, finally, how to connect your new Web Server to the Internet. Now you may be sure that the server runs securely. You have subscribed to Microsoft security bulletins not to omit any important patches. All you have to do now is to rest on your laurels. Are you sure about that?

Installing and Securing IIS Servers (Part 1)

IIS, an acronym for Internet Information Services is a web application server program that handles HTTP requests, ranking second in popularity (after Apache). Its popularity is mainly due to the fact that IIS sites are so easy to implement – just a few mouse-clicks away – from a total disaster.

Changes to Default Settings Make Windows Server 2003 More Secure (Part 2)

Microsoft has made a number of changes to the default settings in Windows 2003 to make it more secure “out of the box.” In Part 2, we’ll examine the changes that have been made to the default settings for common services and changes in the authentication process, and we’ll discuss some areas in which some believe that Server 2003’s defaults are still too open.

Windows Server 2003 Disaster Recovery Planning (Part 2)

In this article, we will discuss what every Microsoft Windows Administrator and Engineer should think about when trying to manage their environments in the scope of planning for Disaster Recovery and Business Continuity. This is Part II in a 4 part article series where we will cover many of the details administrators and engineers need to know about planning Disaster Recovery for Windows Systems, as well as for their networks in general.

Changes to Default Settings Make Windows Server 2003 More Secure (Part 1)

One big change, very noticeable in Windows Server 2003, is the difference in default settings. In this two-part article, we’ll look at how the out-of-the-box server differs in its defaults from previous versions and how the new defaults make the OS more secure (while at the same time causing frustration for some admins and users who find themselves unable to gain access that was available without any reconfiguration in earlier operating systems). In Part 1, we’ll focus on how the default permissions have changed, changes to the membership of the Everyone group, and ownership of objects.

Scroll to Top