IS%204506%20Windows%20NTFS%20and%20IIS%20Security%20Features - PowerPoint PPT Presentation

About This Presentation
Title:

IS%204506%20Windows%20NTFS%20and%20IIS%20Security%20Features

Description:

Title: Chapter 9: Adding Windows NT and Internet Information Server Security Features Last modified by: George Zolla Created Date: 9/11/1997 8:24:28 PM – PowerPoint PPT presentation

Number of Views:105
Avg rating:3.0/5.0
Slides: 21
Provided by: npse3
Learn more at: http://faculty.nps.edu
Category:

less

Transcript and Presenter's Notes

Title: IS%204506%20Windows%20NTFS%20and%20IIS%20Security%20Features


1
IS 4506Windows NTFS and IIS Security Features
2
Overview
  • Windows NTFS Server security
  • Internet Information Server security features
  • Securing communication with IIS
  • Configuring SSL
  • Digital Certificates

3
Windows 2000 Server Security Recommendations
  • Securing User Accounts and Groups
  • Allow anonymous access with Internet guest
    account
  • Require users to choose difficult passwords
  • Limit administrator accounts
  • Applying Strict Account Policies
  • Securing Resource Access - NTFS Permissions
  • IIS Security Checklist

4
(Page 134)
File Systems Operations
Access Permissions
5
NTFS Permissions (Page 134)
Five standard types of permissions
  • Full Control
  • No Access
  • Read
  • Change
  • Special Access

6
(No Transcript)
7
(No Transcript)
8
(No Transcript)
9
(No Transcript)
10
Other Windows NTFS Security Measures
  • Limit the number of protocols the network adapter
    cards use.
  • Use the Bindings tab in the Network Program in
    Control Panel to unbind any unnecessary services
    or protocols.
  • Turn off the Windows NT Server Service on the IIS
    Server to prevent users from viewing shares.
  • Use NT Filtering

11
Access Control with IIS
  • Web access control
  • IP access and domain name restrictions
  • Anonymous access and authentication control
  • Authentication methods
  • Web Server permissions for files and directories
  • NTFS permissions

12
Security Requirements for Internet Servers
  • Authentication of users
  • Resource access control
  • Encrypted communication
  • Auditing and logging

13
Web Server Permissions for Files and Directories
14
Authentication Methods
15
Anonymous Access and Authentication Control
  • Anonymous Access has user-applied restrictions
  • Authentication Control denies access and then
    queries
  • the user for authentication

16
IP Access and Domain Name Restrictions
17
Web Access Control
Web server receives request
IP address permitted?
User permitted?
Web server permissions allow access?
NTFS permissions allow access?
Access denied
Access granted
18
Review
  • Windows NT Server security recommendations
  • Security requirements for Internet servers
  • Access control with IIS
  • Securing communication with IIS

19
Lab 9 Restricting Access to a Web Site
20
Review
  • Windows 2000 Server security recommendations
  • Security requirements for Internet servers
  • Access control with IIS
  • Securing communication with IIS
Write a Comment
User Comments (0)
About PowerShow.com