Security

The purpose of security is to minimize threats to resources and assets through a combination of policy, hardware, and software. This section addresses how to configure a secure Web server that is running Microsoft® Windows® 2000 Server and Internet Information Services (IIS) 5.0 for use on the Internet or an intranet. It is assumed that the reader is familiar with the IIS 5.0 security material in the Windows 2000 online product documentation.

This section begins with a discussion of core security principles and explains how the operating system adheres to those principles. It goes on to explore IIS 5.0 security, showing how IIS builds upon Microsoft® Windows® security. Once you have familiarized yourself with the security principles covered in this section, you will probably want to read Site Security Planning in this book, which describes how to set policies for securing Web resources, applications, and data in an intranet and over the Internet.

In this section:

• Foundations of Computer Security
• Using the Built-in Security Features of Windows 2000 Server
• Configuring IIS 5.0 Security
• An End-to-End Troubleshooting Example
• Defending Against Malicious Attacks
• Auditing Access with IIS 5.0 Logs
• IIS 5.0 Security Checklist
• Additional Resources

© 1997-1999 Microsoft Corporation. All rights reserved.