Microsoft Corporation
Updated April 15, 1999
Remote Administration Security
Administering remotely generally makes your Web server more vulnerable because a wider community of users is given potential access to the Web server machine from the Internet. With Microsoft® FrontPage®, this increases the risk that an unauthorized person could gain access to the FrontPage-extended webs on your server and modify web settings, or even delete webs. To prevent this, the following precautions are recommended:
- Require a secured connection (such as SSL) to communicate with Fpadmdll.dll or Fpadmcgi.exe. Since configuration information and, in some cases, user names and passwords are communicated over the network using these programs, a secured connection will prevent passwords from being read directly by network traffic spies.
- Grant access to Fpadmdll.dll or Fpadmcgi.exe using the Web server's security system. Requiring a user to log on with a secure administrator account on the Web server prevents unauthorized access.
- Require the use of a non-standard HTTP port for accessing Fpadmdll.dll or Fpadmcgi.exe. This will make it much more difficult for network spies to guess the URL of the HTML Administration Forms or the remote administration programs.
- Use IP address mask restrictions to prevent unauthorized computers from accessing the HTML Administration Forms, Fpadmdll.dll, or Fpadmcgi.exe. Typically, all IP addresses not associated with the owner of the FrontPage-extended server to be administered are denied access.
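The following added example (not part of the original Microsoft page) audits a Web server log for requests to Fpadmdll.dll or Fpadmcgi.exe that break the IP address mask, logon, or non-standard port precautions above. The log layout (W3C extended fields), the owner network, the ports treated as standard, and the /ADMIN-PATH/ placeholder are assumptions; SSL use is not visible in these fields and is not checked.

```python
import ipaddress

# Assumptions (not from the original page): owner networks, standard ports,
# and the W3C extended log field layout used in the constructed sample.
ADMIN_PROGRAMS = ("fpadmdll.dll", "fpadmcgi.exe")
OWNER_NETWORKS = [ipaddress.ip_network("192.0.2.0/255.255.255.240")]
STANDARD_PORTS = {80, 443}

# Constructed sample log; addresses are documentation ranges and
# /ADMIN-PATH/ is a placeholder, not a real FrontPage path.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-port cs-method cs-uri-stem sc-status
1999-04-15 10:00:01 192.0.2.5 WEBSRV\\fpadmin 8443 POST /ADMIN-PATH/Fpadmdll.dll 200
1999-04-15 10:02:17 198.51.100.23 - 80 GET /ADMIN-PATH/fpadmcgi.exe 200
1999-04-15 10:03:40 192.0.2.9 - 8443 POST /ADMIN-PATH/Fpadmdll.dll 401
1999-04-15 10:04:02 198.51.100.23 - 80 GET /default.htm 200
"""

def audit(log_text):
    """Return (line_number, [problems]) for each admin-program request that
    breaks an IP-mask, logon, or non-standard-port precaution."""
    fields, findings = [], []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # field order is declared by the log itself
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if not rec.get("cs-uri-stem", "").lower().endswith(ADMIN_PROGRAMS):
            continue  # only the remote administration programs are audited
        problems = []
        try:
            client = ipaddress.ip_address(rec.get("c-ip", ""))
            if not any(client in net for net in OWNER_NETWORKS):
                problems.append("client outside owner IP mask")
        except ValueError:
            problems.append("unparseable client address")
        if rec.get("cs-username", "-") == "-":  # "-" means no logged-on user
            problems.append("no authenticated user")
        if rec.get("s-port", "").isdigit() and int(rec["s-port"]) in STANDARD_PORTS:
            problems.append("standard port")
        if problems:
            findings.append((lineno, problems))
    return findings

if __name__ == "__main__":
    for lineno, problems in audit(SAMPLE_LOG):
        print(f"line {lineno}: {', '.join(problems)}")
```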
See also
Activating Remote Administration on IIS 4.0 and 5.0