- The Windows 2000\XP\.NET Resource Index
Home | About Us | Search

Last Updated December 10, 2003

IIS 5.0
  Where to Start
  Install & Configure
  Performance Tuning
  Securing IIS







Microsoft Internet Information Server Icon

Securing Internet Information Services 5.0

Where to Start

10 Steps to Better IIS Security
You've done everything you can to install your Microsoft Internet Information Server (IIS) securely, making full use of the valuable checklists on the Internet and all the resources at your disposal. Now, how do you keep it secure? Russ Cooper offers these quick and easy tips will help you harden your Microsoft Web server. Source:InfoSecurityMag

From Blueprint to Fortress: A Guide to Securing IIS 5.0
Servers can be vulnerable to a host of attacks. As a server administrator or architect, you want to be sure you account for all areas of security when setting up Web servers. This document provides a blueprint for administrators and system architects to secure a Microsoft© Internet Information Server (IIS) 5.0 Web server. Source:

IIS 5.0's New Security Features
Find out how to put IIS 5.0's new security features to work with Win2K. Source: Windows & .NET Magazine (November 1999)

Internet Information Server 4.0 Security Checklist
A simple checklist in a downloadable self extracting Zip file to help you lock down your IIS Servers. Source: Microsoft Security Advisor.


Securing Internet Information Services 5 Checklist
This document lists some recommendations and best practices to secure a server on the Web running Microsoft Windows 2000 and Internet Information Services (IIS) 5. The settings err on the side of security over functionality, and hence it's important that you carefully review the suggestions below and use them to derive your own corporate settings. Source: (June 29, 2000)

Untangling Web Security: Getting the Most from IIS Security
This article contains detailed explanations of some of the misunderstood security features in Microsoft© Internet Information Server (IIS) 4.0, including client certificate mapping, IP address restrictions, Secure Sockets Layer (SSL) server bindings, and Web permissions. You'll not only find out how these features work, but also how to optimize their configuration. Source: MSDN Workshop

Web Security Audit Tool
Tim Huckaby shows you how to implement a code (available for download) that displays the authentication for every resource with Anonymous access. Source: Windows & .NET Magazine (April 11, 2000)

Additional Articles

How to use the IIS "What If" Security Tool
Microsoft Knowledge Base Article: 229694 -
The purpose of this article is to explain how to install, use, and uninstall the IIS Security "What If" tool. The IIS Security "What If" tool is a Dynamic HTML (DHTML) utility designed to assist in troubleshooting security issues with IIS.

HOW TO: Use the IIS Permissions Wizard 
Microsoft Knowledge Base Article: 324070 - This step-by-step article describes how to use the Permissions Wizard to create or edit a template and then apply the template to a folder. Apache uses .htaccess files and Directory directives in the main Httpd.conf configuration file. You can easily copy these files and directives around your site to set the same values across multiple folders. There is no equivalent in Internet Information Services (IIS). However, the IIS Permissions Wizard in the Windows 2000 Resource Kit can create templates that you can apply these templates to different folders. You can use this method to emulate the .htaccess functionality for multiple folders

HOW TO: Set Default Properties for Internet Information Services in Windows 2000 (Q308193) 
Microsoft Knowledge Base Article You can use the Internet Information Services (IIS) snap-in to configure settings for the WWW and FTP services at the server, individual site, folder, or file levels. When you configure properties at the server level, these values are
inherited, and become the default settings for all Web or FTP sites on the server. This article describes how to set the following default properties on an IIS server

HOW TO: Set Secure NTFS Permissions on IIS 5.0 Log Files and Virtual Directories 
Microsoft Knowledge Base Article: 310361 - This step-by-step article describes how to place NTFS permissions on IIS 5.0 log files and virtual directories. Computers that are directly connected to the Internet are under a constant threat of attack. Any computer that is connected to...

HOW TO: Use NTFS Security to Protect a Web Page Running on IIS 4.0 or 5.0
Microsoft Knowledge Base Article: 299970 - This is a step-by-step guide to using Windows NTFS security to protect Web pages that are running on Internet Information Server (IIS) version 4.0 or 5.0. To protect your pages, you put the pages in a separate folder and then apply permissions.

HOW TO: Use the Permissions Wizard in Internet Information Services 
Microsoft Knowledge Base Article: 313083 - This article describes how to use the Permissions Wizard to set up basic Internet Information Services (IIS) 5.0 security for a Web site. 

Internet Information Services 5.0 Authentication Methods
Columnist Zubair Ahmad explains the various authentication methods that IIS 5.0 uses. You must understand these methods before you can configure the software properly. Source: Windows & .NET Magazine (March 27, 2000)

Protecting your IIS Server and Web applications
Internet viruses such as Code Red and Nimbda have brought down numerous IIS Web servers recently. Fortify and defend your system with this comprehensive strategy authored by 30-year industry veteran, Andrew Novick.

Security Vulnerabilities in Site Server and Index Server
In this issue of Keeping Up with IIS, learn about security vulnerabilities in Microsoft Site Server and Index Server and patches to fix them. Also, find out how to access Windows 2000 Help files online. Source: Windows & .NET Magazine  (Feb 2000)

Using Windows Security with IIS and SQL Server 2000
Discover how you can configure a Web application that accesses SQL Server 2000 to use a Windows username and password for authentication. Source: Windows & .NET Magazine (Nov 2001)

Entire contents
© 1999-2003 and TechTarget
All rights reserved

This site and its contents are Copyright 1999-2003 by Microsoft, NT, BackOffice, MCSE, and Windows are registered trademarks of Microsoft Corporation. Microsoft Corporation in no way endorses or is affiliated with The products referenced in this site are provided by parties other than makes no representations regarding either the products or any information about the products. Any questions, complaints, or claims regarding the products must be directed to the appropriate manufacturer or vendor.