IIS Overview Microsoft Internet Information Server http://www.microsoft.com/windows2000/downloads/default.asp
Prerequisites--NT • NT must have Service Pack 3 • Internet Explorer 4.01 • 32 MB RAM, but more preferred • 486 • 50 to 200 MB disk space for install • Or…
Windows 2000 • The simplest method is to get Windows 2000 Professional at the student rate. You can add Windows features; one of those features is IIS 5.0. • IIS 5.0 requires a 300 MHz Pentium or better and 64 MB RAM minimum. • IIS 5.0 comes with Windows 2000, but you need to install it.
IIS or PWS? • NT Option Pack 4.0 Comes with IIS & PWS. Depending on the system, the installation is different. PWS has limited functionality. • NT Server: IIS • NT Workstation: PWS • Windows 95 or 98: PWS – I don’t recommend installation due to system glitches it sometimes creates.
Services • WWW • FTP • MTS - Microsoft Transaction Server • SMTP • NNTP • Index Server • Certificate Server • Site Server Express
WWW Service • Houses Pages and Sites • Knows how to respond to WWW requests • ISAPI - Internet Server Application Programming Interface (.dll compiled programs) • ASP - Embedded Scripts • CGI – Perl is an add-on from other sources • ODBC • Multiple Sites on one Server • Port 80
FTP Service • One IP address per FTP Service • Port 21
Transaction Server • A transaction is a process that must be 100% completed, such as a payment being made. • For instance, both the deduction from the payer’s and the addition to the payee’s account must be completed in a banking transaction, or neither should be done. • Advanced Subject
SMTP Service • Simple Mail Transfer Protocol • Does not allow for management of mail accounts - Use Microsoft Exchange or a mail service program. • Port 25
NNTP • Network News Transport Protocol • Good for internal newsgroups. • Does not take news feeds. • Port 119
Index Server • Allows searches • Can index Binary, HTML, Excel 95/97, PowerPoint 95/97, Word 95/97, and Text files. • Can be configured with add-ons to index other files. • Does so in the background, usually at night.
Certificate Server • Allows issuance and management of digital certificates, which assure users they are dealing with the correct party. • May be internal, or external, in which case they have to be verified by a Certification Authority, such as VeriSign. • Access via HTMLA: SERVERNAME/CERTSRV
Site Server Express • Used to get information about the site. • Content Analyzer - A visual tool to examine the structural health of a site. • Usage Import - Prepares log files for use with Report Writer. • Report Writer (xls, doc, mdb) - Detail or Summary Reports. • Posting Acceptor - Allows remote posting of Web content. • Access via Start menu.
Administration Tools MMC, HTMLA, and WSH
MMC--Microsoft Mgmt Console • A general shell to administer certain management services. Open it from the Start menu. • Will be used extensively in future implementations of Windows. • Can be modified with snap-ins to allow new functionality. • RIGHT CLICK items to pull up Property Sheets to view and/or modify. • ISM - the IIS Internet Services Manager snap-in
MMC • You change properties on property sheets. • Property sheets are just those tabbed sheets you have already used in windows to change settings. • Just like HTML or CSS, all you are really doing is assigning values to properties.
HTMLA • HTML-based Administration • Thus allows remote administration • Has most of the functionality of ISM. • Some functions only on ISM • Only way to manage Certificate Server
WSH--Windows Scripting Host • Allows automation of certain tasks. • Desktop GUI: wscript.exe • Command Prompt: cscript.exe • JScript, VBScript, MS-DOS commands
Two Basic Components • User Accounts • NTFS -- NT File System • Basic account is IUSR_computername • For instance, if the server is Luke, the basic anonymous account is: IUSR_Luke
Narrowing Access • A group, Everyone, exists in NT. Literally everyone could access all resources of the computer. IUSR_computername is IIS specific. • The administrator can grant Everyone access and selectively limit it. • Or deny access and selectively grant it. • NEVER give yourself, the administrator, NO ACCESS; if you do, you may lock everyone out permanently.
NTFS Access • No Access - Overrides even if granted access by some other method • List - Can view names • Read - Can read or execute files • Add - Add files and folders • Add & Read - Combines Add & Read • Change - Can change and delete files • Full Control - Can change permissions and ownership • Special Access - Can configure group and user permissions
Competing Permissions • NTFS has its directory and file permissions. • IIS has its directory permissions. • Also, NT classifies you by Group permissions • Which system wins?
The winner is… • The strictest permissions take precedence. • “When in doubt, lock ‘em out.”
Permissions for Scripts • Scripts need to be READ-able, EXECUTE-able (or SCRIPTS) • BUT NOT WRITE-able!!!!
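As an added illustration of the three permission slides above (not from the original deck): a small Python model of how NTFS group permissions, the No Access override and the IIS directory permissions combine under the strictest-wins rule, followed by a check of the script-directory rule. The set of rights behind each NTFS level is an assumption made for this demo.

```python
# Added example (not from the original slides): models the "strictest permission wins"
# rule between NTFS and IIS directory permissions and checks a script directory
# for the read/execute-but-not-write rule. Permission names follow the slides; the
# set of rights behind each NTFS level is an assumption made for this demo.
from typing import Dict, FrozenSet, List, Set

# Rights granted by each NTFS permission level (assumed mapping, following the slide list;
# "Special Access" is omitted because it is whatever the administrator configures).
NTFS_LEVELS: Dict[str, FrozenSet[str]] = {
    "No Access": frozenset(),
    "List": frozenset({"list"}),
    "Read": frozenset({"list", "read", "execute"}),
    "Add": frozenset({"list", "write"}),
    "Add & Read": frozenset({"list", "read", "execute", "write"}),
    "Change": frozenset({"list", "read", "execute", "write", "delete"}),
    "Full Control": frozenset({"list", "read", "execute", "write", "delete", "permissions"}),
}

def ntfs_effective(group_levels: Dict[str, str]) -> Set[str]:
    """Combine the NTFS levels of every group the user belongs to (e.g. Everyone and
    IUSR_computername). Group rights add up, but a single No Access entry overrides
    everything else, as the slide says."""
    if "No Access" in group_levels.values():
        return set()
    rights: Set[str] = set()
    for level in group_levels.values():
        rights |= NTFS_LEVELS[level]
    return rights

def effective_access(group_levels: Dict[str, str], iis_perms: Set[str]) -> Set[str]:
    """The strictest system wins: a right survives only if BOTH NTFS and IIS grant it.
    iis_perms is the IIS directory setting, a subset of {"read", "write", "execute"}."""
    return ntfs_effective(group_levels) & iis_perms

def script_dir_problems(group_levels: Dict[str, str], iis_perms: Set[str]) -> List[str]:
    """Check a script directory against the rule: READ-able and EXECUTE-able, NOT WRITE-able."""
    eff = effective_access(group_levels, iis_perms)
    problems: List[str] = []
    if "read" not in eff:
        problems.append("scripts are not readable")
    if "execute" not in eff:
        problems.append("scripts are not executable")
    if "write" in eff:
        problems.append("script directory is writable")
    return problems
```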
SSL Secure Sockets Layer
An SSL Session • Client contacts Server • Server sends digital certificate and public key. • Client and server negotiate encryption depth (40 or 128 bit) • Client randomly generates session key and encrypts it with server’s public key. • Server decrypts session key with its private key
SSL Notes • Private keys are not transmitted. • Imagine I gave you each a public key to a room and we decided on a unique combination to a different locker in that room for each of you. You left your homework in your locker for me. That is like the public and session keys. • But I have the private key which opens all doors and lockers.
The public, private, and session keys all work together to encrypt/decrypt. All three are needed, and deciphering the traffic without them is beyond today’s computational power.
It’s like those stories where both pieces of an amulet are needed to solve the mystery…
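As an added example that is not part of the original slides, the session setup described above walked through in Python with a toy RSA pair (tiny constructed primes, not secure) so the public, private and session keys can be seen doing their jobs; the certificate and the 40/128-bit negotiation steps are not modelled.

```python
# Added example (not from the original slides): toy walk-through of the SSL session
# setup on the slide. The RSA pair uses tiny textbook primes (constructed, insecure)
# so the arithmetic is visible; the certificate and cipher negotiation steps are skipped.
import hashlib
import secrets
from typing import Tuple

def make_server_keys() -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Toy RSA key pair. Returns (public, private) as (n, e) and (n, d)."""
    p, q = 61, 53                        # constructed toy primes; n = 3233
    n, phi = p * q, (p - 1) * (q - 1)
    e = 17
    d = pow(e, -1, phi)                  # modular inverse of e, d = 2753
    return (n, e), (n, d)

def client_make_session_key(public: Tuple[int, int]) -> Tuple[int, int]:
    """Client side: pick a random session key and encrypt it with the server's public key."""
    n, e = public
    session_key = secrets.randbelow(n - 2) + 2          # 2 <= key < n
    return session_key, pow(session_key, e, n)

def server_recover_session_key(private: Tuple[int, int], encrypted_key: int) -> int:
    """Server side: decrypt with the private key, which never left the server."""
    n, d = private
    return pow(encrypted_key, d, n)

def keystream_xor(session_key: int, data: bytes) -> bytes:
    """Symmetric step: both sides derive the same keystream from the shared session key.
    XOR with a SHA-256 counter stream; encrypting and decrypting are the same call."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(session_key.to_bytes(4, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def ssl_session(message: bytes) -> Tuple[bool, bytes]:
    """Run the exchange end to end. Returns (both sides hold the same key, what the
    server decrypted from the client's session-key-encrypted message)."""
    public, private = make_server_keys()                  # server sends its public key
    key_client, enc = client_make_session_key(public)     # client encrypts session key
    key_server = server_recover_session_key(private, enc) # server decrypts it
    ciphertext = keystream_xor(key_client, message)       # client encrypts with session key
    return key_client == key_server, keystream_xor(key_server, ciphertext)
```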
Digital Certificate • Server requests a digital certificate from the client. • The client sends its digital certificate, along with its public key. • Created by you using Key Manager (keygen.exe) • Authorized by Certificate Authority
Certificate Authority • A mutually trusted third party responsible for validating that a client or server is who it says it is. • Which can be IIS Certificate Server, if it is trusted by all parties. • A transaction involves the client, the server, and the Certificate Authority.
Certificates… A good word from a mutually trusted 3rd party.
PKE in Summary (mnemonic) • A public Key (see) • A private Key (me) • A session Key (we) • A Certificate (identity)
SSL – Uses more CPU time • Since SSL takes longer and uses more CPU time to encrypt and decrypt, you should only use SSL when necessary. • But you SHOULD use it when needed.
SSL Directory • SSL Directory is usually not in your wwwroot for security reasons.
Virtual Servers • You can have numerous sites on one server. • Similar, but not to be confused with virtual directories. • Each site can have parameters set. • Configure HOSTS file to allocate IP addresses.
IIS and your site… • It is good to have your site on different machines than your IIS implementation. • For Processing Power • For Security • Various “Firewall” schemes. • Firewall: A combination of hardware and software to fend off intruders.