CYA Securing IIS 6.0 (Paperback)

Chris Peiris, Bernard Cheah, Ken Schaefer

  • Publisher: Syngress Media
  • Publication date: 2004-06-09
  • List price: $1,710
  • VIP price: $1,625 (95% of list)
  • Language: English
  • Pages: 352
  • Binding: Paperback
  • ISBN: 1931836256
  • ISBN-13: 9781931836258
  • Out of print

Product Description

Description:

Cover Your A** By Getting it Right the First Time

  • Prove You Did It Right the First Time
  • Be Responsible, Don't Be to Blame
  • Secure Your Network and Your Career

Don't lose your job over an ugly and porous Internet Information Server (IIS) 6 installation. Read this book and cover your a** today! It contains easy-to-access coverage of just about every documented IIS 6 security setting. The following features ensure that you know exactly what you are reading at all times:

  • By the Book: A clear presentation of Microsoft's recommended security configurations and policies based on the business needs of your network.
  • Reality Check: Warnings about the potential downside of certain "best practices" that you as the system administrator need to know.
  • Your A** Is Covered: A comprehensive checklist to all of the security-related configuration consoles in IIS.

Best of all, it's written in a "get to the point" style that clearly explains exactly what you need to know about installing, managing, and troubleshooting.

 

Table of Contents:

About the Book

Chapter 1: Introducing IIS 6.0
  • In this Chapter
  • IIS 6.0 Enhancements
    • Increased Reliability and Availability
    • Manageability Improvements
    • Scalability and Performance Improvements
    • Increased Security
  • Understanding IIS 6.0 Architecture
    • Services Provided by IIS 6.0
      • HTTP.SYS Kernel Mode Driver
      • Inetinfo.exe Process and the IISAdmin Service
      • The World Wide Web (WWW) Publishing Service
    • Application Processing Modes
      • IIS 6.0 Worker Process Isolation Mode
      • IIS 5.0 Isolation Mode
  • Your A** is Covered if You…

Chapter 2: Hardening Windows Server 2003
  • In this Chapter
  • Get Secure and Stay Secure
    • Networking Environment
    • Patches and Updates
    • Windows Services
    • User Accounts and Groups
    • File System
    • Auditing and Logging
    • Staying Secure
  • Secure IIS Checklist
  • A Final Word on Security
  • Knowing the Enemy and What They Want
  • Your A** is Covered if You…

Chapter 3: Installing Internet Information Services (IIS) 6.0
  • In this Chapter
  • Installing IIS 6.0 Using the Configure Your Server Wizard
  • Installing or Modifying IIS 6.0 Using the Add/Remove Programs Control Panel
  • Installing IIS 6.0 Using Automated Installation (Unattended Setup)
    • Installing IIS 6.0 During the Windows 2003 Server Setup
    • Installing IIS 6.0 After the Windows 2003 Server Setup
  • Upgrading IIS 5.0 to IIS 6.0
    • Post-Installation Information
  • After Installation: Locating the Administrative Tools
    • IIS Manager
    • Application Server MMC
    • The Remote Administration Website
    • Sharepoint Administration Website
  • Your A** is Covered if You…

Chapter 4: Configuring Basic Web Server Security
  • In this Chapter
  • Enabling and Disabling Web Service Extensions
  • Configuring Multipurpose Internet Mail Exchange Types
  • Configuring IP Address Restrictions
  • Setting Website Permissions
  • Securing Web Resources
  • Enabling and Securing Web Access Log Files
  • Your A** is Covered if You…

Chapter 5: Advanced Web Server Security Configuration
  • In this Chapter
  • Configuring Authentication
    • The Authentication Process
    • Configuring Anonymous Authentication
    • Configuring Basic Authentication
    • Configuring Digest Authentication
    • Configuring Advanced Digest Authentication
    • Configuring Integrated Windows Authentication
    • Configuring UNC Authentication
    • Passport Authentication
    • Configuring SubAuthentication
    • Configuring Delegation
  • Configuring IIS User Accounts
    • IIS 6.0 Running in Worker Process Mode
      • Changing the Process Identity of a Web Application Pool
      • Other User Accounts – IUSR_<machinename>
    • IIS 6.0 Running in IIS5 Isolation Mode
      • IWAM_<computername> Account
      • ASPNET Account
      • IUSR_<machinename>
  • Configuring URLScan
    • Configuring URLScan.ini
      • Other Sections
  • Configuring Your Server to Use SSL
    • Generating a Certificate Request
    • Submitting a Certificate Request
    • Installing an Issued Certificate
    • Managing your Website Certificates
    • Configuring IIS SSL Options
  • Configuring URL Authorization with the Authorization Manager
    • Creating the Authorization Store
    • Configuring Access to the Authorization Store
    • Creating a New Application
    • Creating an Operation
    • Creating a Scope
    • Creating a Role
    • Configuring IIS 6.0
    • Testing the Authorization Store
  • Configuring Custom Error Messages
    • The Default ASP Error Message
    • Configuring a Basic ASP Error Message
    • Configuring a Custom ASP Error Message
    • Configuring a Custom ASP.NET Error Message
  • Securing Include Files
  • Disabling Parent Paths
  • Configuring IP Address, TCP Port and Host-Header Combinations
  • Your A** is Covered if You…

Chapter 6: Securing Application Pools
  • In this Chapter
  • Application Pools
    • Creating Application Pools
    • Configuring Application Pools
      • Configuring Application Pool Identities
  • Isolating Web Applications
  • Understanding User Impersonation
  • Your A** is Covered if You…

Chapter 7: Securing FTP Sites
  • In this Chapter
  • Configuring FTP Sites
    • Relocate the Default FTP Root Path
    • Configure FTP Messages
    • Configure the FTP Directory Output Style
  • Securing FTP Resources
  • Configuring FTP User Isolation
    • Do Not Isolate Users
    • Isolate Users
    • Isolate Users Using Active Directory
  • Securing the FTP Connection
  • Enabling and Securing the FTP Access Log File
  • Your A** is Covered if You…

Chapter 8: Securing SMTP and POP3 Services
  • In This Chapter
  • Configuring SMTP Virtual Servers
    • Creating Additional SMTP Servers
    • Configuring Additional Domains
    • Configuring SMTP Server Folders
    • Enable Logging
    • Other Configuration Options
  • SMTP Virtual Server Security
    • Configuring Authentication
    • Configuring Connection Controls
    • Configuring Transport Layer Security
    • Configuring Relay Controls
  • Configuring and Securing the POP3 Server
    • Initial Configuration
    • Configuring Mailboxes
  • Your A** is Covered if You…

Chapter 9: Securing NNTP Virtual Servers
  • In this Chapter
  • Configuring NNTP Virtual Servers
  • Managing NNTP Newsgroups
  • Securing NNTP Newsgroups
  • Enabling and Securing NNTP Access Log Files
  • Your A** is Covered if You…

Chapter 10: Securing Certificate Services
  • In this Chapter
  • Understanding Certificate Services
    • Certificate Authority and its Structure
  • Configuring Certificate Services
    • Configuring Your Certificate Authority
  • Securing Certificate Services Web Enrollment Support
    • Web Enrollment Virtual Directory Permissions
    • Authenticating Web Enrollment
    • Restricting Access to Protect your Web Enrollment
  • Monitoring Certificate Services Web Enrollment Access
  • Your A** is Covered if You…

Chapter 11: Securing Web Publishing
  • In This Chapter
  • Configuring and Securing WebDAV Publishing
    • Installing and Enabling WebDAV
    • Configuring and Securing WebDAV
  • Configuring and Securing FrontPage Server Extensions
    • Installing FrontPage Server Extensions
    • Enabling FPSE Authoring
    • Securing your FPSE Virtual Host
  • Your A** Is Covered If You…

Chapter 12: Securing Internet Printing
  • In this Chapter
  • Configuring Internet Printing
  • Securing Internet Printing
  • Monitoring Internet Printing Access
  • Your A** is Covered if You…

Chapter 13: Monitoring Internet Information Services (IIS) 6.0
  • In this Chapter
  • Monitoring Site Activities Logging
  • Monitoring Event Viewer Logging
  • Monitoring HTTP API Error Logging
  • Monitoring URLScan Logging
  • Your A** is Covered if You…

Index