IIS Websites, Security, and Virtual Hosts IT:Network:Apps
Internet Information Server • Microsoft Web Server • Used by ~ 50% of Fortune 500 companies • Comes with Server OS • Expandable • Easy to use
Installation • Windows Components > Application Server • ASP.NET (optional, but lots of third-party solutions use it) • IIS > • Common Files • IIS Manager • World Wide Web Service • Other stuff can be installed (SMTP server, FTP server)
How to Find It? • www.abccompany.local • DNS name • Update the abccompany.local zone • www Address 172.17.6.10 • www Alias mssrv01.abccompany.local
Default Web Site • IIS Manager > server > Web Sites > Default Web Site • Pretty much basic, functional web site • Listens on Port 80 • C:\InetPub\wwwroot\ • Need to create the index.htm (and related) file(s)
Basic Configuration • Properties of Site • WebSite • IP address (All or specific) • Port(s) (NOTE: SSL is more than just listing a port) • Logging/timeout • HomeDirectory • Where to find files • Could be redirection • Permissions (like share perms) • Documents • What files to look for • index.html ???
Directory security • IP address/Domain Restrictions • Who will we talk to? Who will we ignore? • Allow all with exceptions, OR deny all with exceptions • Authentication • What users can see this site • How to authenticate them • More in a bit • Secure Communications • SSL • More later
What about multiple servers? • www.abccompany.local • acct.abccompany.local • mktg.abccompany.local • How many servers do we need?
Separate Servers • New hardware for each “site” • New IP address for each “site”
Virtual Servers • One box • Big Disk/RAM • Multiple IP addresses??? • Web sites “Virtualized” inside physical server • Server must pick correct Virtual Server to access.
Picking Virtual Server • Multiple IP addresses on Physical Server • DNS for each Virtual Server points to different IP addr • acct.fencon.local 192.168.9.10 • mktg.fencon.local 192.168.9.11 • Configure Web site to pay attention to unique IP • 192.168.9.10 acct site • 192.168.9.11 mktg site • Need IP address for each virtual host!
Picking Virtual Servers (cont) • Single IP address on Physical Server • All Virtual hosts use the same IP address • Host header assigned to Virtual Server • When request comes in to physical server, it looks at the URL that was used (acct.abccompany.local vs mktg.abccompany.local) • Picks the correct virtual server based on the host headers • Only need one IP address! • Arguably the most common method
Restrict access based on IP • For internal webs, we may only want access from INTERNAL addresses • “You can see this, but only when you are at work” • site Properties > Directory Security > IP Address and Domain Restrictions • Set default behavior (Grant/Deny) • Set exceptions • DENY All except 172.17.0.0/16
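The host-header selection and the "DENY All except 172.17.0.0/16" rule from the two slides above, as an added example that is not part of the original slides and is not IIS code. It is a simplified model: the binding table, the per-site restriction table, the function names and the sample client addresses are constructed for illustration.

```python
import ipaddress

# Constructed bindings modelled on the slides: one IP, one port, sites told
# apart by host header. An empty host header is the catch-all binding.
BINDINGS = [
    (80, "acct.abccompany.local", "acct"),
    (80, "mktg.abccompany.local", "mktg"),
    (80, "", "Default Web Site"),
]

# Per-site "IP Address and Domain Restrictions": (default action, exceptions).
RESTRICTIONS = {
    "acct": ("deny", ["172.17.0.0/16"]),   # DENY all except 172.17.0.0/16
    "mktg": ("grant", []),
    "Default Web Site": ("grant", []),
}

def pick_site(port, host_header):
    """Return the site whose binding matches; a named binding beats the catch-all."""
    host = host_header.rsplit(":", 1)[0].strip().lower()   # drop optional :port
    fallback = None
    for bound_port, bound_host, site in BINDINGS:
        if bound_port != port:
            continue
        if bound_host == host:
            return site
        if bound_host == "":
            fallback = site
    return fallback

def ip_allowed(site, client_ip):
    """Apply the site's default action, inverted for addresses in the exception list."""
    default, exceptions = RESTRICTIONS[site]
    addr = ipaddress.ip_address(client_ip)
    is_exception = any(addr in ipaddress.ip_network(net) for net in exceptions)
    return (default == "grant") != is_exception

def handle(port, host_header, client_ip):
    """Return (site, status): 200 if served, 403 if the IP rule rejects the client."""
    site = pick_site(port, host_header)
    if site is None:
        return (None, 404)   # no binding on this port in the model
    return (site, 200 if ip_allowed(site, client_ip) else 403)

if __name__ == "__main__":
    for host, client in [("acct.abccompany.local", "172.17.44.5"),
                         ("acct.abccompany.local", "203.0.113.9"),
                         ("intranet.example", "203.0.113.9")]:
        print(host, client, handle(80, host, client))
```

In this model the restriction belongs to the selected site, so a request with an unrecognised host name is served by Default Web Site under that site's own rule; internal-only content needs the restriction on every site that can serve it.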
User Authentication • By default anonymous access is allowed • Users group has • Read/Execute • List Folder Contents • Read Permissions etc. • Take away permissions and take away anonymous access, and the user must authenticate
Authentication Methods • Site Props > Directory Security > Authentication & access control • Disable Anonymous • Pick Methods • Integrated Windows auth • IE only (now Firefox as well) • Basic auth • password sent in clear text!! • Digest (only for domain users) • .NET
So far… • Created multiple web sites inside a single web server • Restricted access by IP (where are you?) • Restricted access by user (who are you?) • Still need… • Encryption (SSL) • Nicer Content – Portals, etc