Chapter 1 - Securing Your Web Site

A home page on the World Wide Web represents an open invitation to every Internet user. As the number of corporate Web sites grows (a twofold increase from 1995 to 1996, according to International Data Corporation), technology professionals must learn to guard their networks against Internet-borne intruders.

A vigilant system administrator might feel safe in providing Gopher and File Transfer Protocol (FTP) services. When implementing the World Wide Web (WWW) service, however, the system administrator has to confront several questions:

How secure is a corporate network that has a Web site?

Can someone on the Internet intercept and copy a user's ID and password?

Is a site that allows anonymous users truly secure?

This chapter answers these questions and describes how Windows NT Server and Internet Information Server (IIS) combine to provide a thoroughly integrated security solution for their Internet services.

This chapter focuses on Internet Information Server version 2.0 and Windows NT Server version 4.0 and includes the following sections:

"Using Built-in Windows NT Server Security"

"How Internet Information Server Security Works"

"Using Internet Service Manager Security Features"

"Using SSL to Safeguard Transmitted Data"

"Using Internet Services Application Program Interface (ISAPI) Security Functions"

"Guarding Against SYN Attacks"