Overview of Internet Information Services 5.0
Security
This section briefly describes the new security features in IIS 5.0. For details about how security works, see Security in this book.
- Digest Authentication: Adds security and reliability to user authentication across proxy servers and firewalls. IIS 5.0 still offers previous means of authentication: Anonymous, HTTP Basic, Windows NT Challenge/Response, and NTLM authentication (now known as integrated Windows authentication).
- Server-Gated Cryptography: Allows financial institutions with export versions of IIS to use strong 128-bit encryption. Server-Gated Cryptography (SGC) is an extension of Secure Sockets Layer (SSL). Although SGC is built into IIS 5.0, a special SGC certificate is required.
- New Security Wizards: Simplify server administration tasks.
  - Web Server Certificate Wizard: Simplifies certificate administration tasks in IIS 5.0. These tasks include, for example, creating certificate requests and managing the certificate life cycle.
  - Permissions Wizard: Simplifies editing and configuring Web site access, such as assigning access policies to virtual directories and files. The Permissions Wizard can also reflect these Web access policies to NTFS file system permissions.
  - CTL Wizard: Configures certificate trust lists (CTLs). A CTL is a list of trusted certification authorities for a particular directory. CTLs are especially useful for ISPs who have several Web sites on their server and who need a different list of approved certification authorities for each site.
- Kerberos v5 Authentication: Passes authentication credentials among networked computers that are running Microsoft® Windows®. IIS 5.0 is fully integrated with the Kerberos v5 authentication model implemented in Windows 2000 Server.
- Certificate Storage: Stores, backs up, and configures server certificates through a single point of entry. IIS certificate storage is now integrated with Microsoft CryptoAPI (CAPI) storage, which is provided with Windows 2000.
- Fortezza: Supports Fortezza, the U.S. government security standard (http://www.armadillo.huntsville.al.us/). This standard satisfies the Defense Messaging System security architecture by supplying a cryptographic mechanism that provides message confidentiality, integrity, authentication, and access control to messages, components, and systems.
© 1997-1999 Microsoft Corporation. All rights reserved.