Protecting Web Servers
Security Fundamentals
Instructor: Don Jones
In This Lesson:
Web Authentication
Web Authorization
Web Servers
Web servers provide resources to internal and external users,
and so, like any server, they need to be secured.
This lesson will apply primarily to Microsoft’s Internet
Information Server (IIS), but the concepts are applicable to all
web server software.
Authentication
While most public websites use anonymous authentication,
many internal websites and even some public websites will
require users to authenticate themselves.
For anonymous authentication, the web server often has a
built-in account that represents all anonymous users. The public
can only access what that account is authorized to access.
For other scenarios, an authentication protocol must be
chosen. You must pick one that is compatible both with the web
server and the browser software that you expect clients to use.
Authentication Protocols
Basic: Clear-text passwords (unless over HTTPS)
Digest
Integrated/Windows
Others
Let’s see where IIS configures these…
Forcing SSL/TLS
You can configure IIS to only accept encrypted connections by
configuring the website appropriately.
This helps protect not only the data of the website from
eavesdropping, but also ensures that passwords aren’t
transmitted in the clear.
Let’s see how this is accomplished…
Authorization
In IIS, users are restricted based on the permissions of the
website and of their user account.
For anonymous users, this is the general “anonymous user”
configured in the website.
Website permissions are evaluated first, and NTFS (and other
access) permissions follow.
Let’s see how this works…
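The authentication, "Require SSL" and anonymous-account settings discussed in the Authentication, Forcing SSL/TLS and Authorization parts of this lesson can be checked from the command line. The audit script below is an added example, not part of the lesson; it assumes it runs elevated on an IIS 7.0-or-later server with the inbox WebAdministration module, and the site names and finding texts are the script's own.

```powershell
# Added audit script, not part of the lesson. Assumes it runs elevated on an IIS
# server that has the inbox WebAdministration module (IIS 7.0 or later).
Import-Module WebAdministration

function Get-SiteAuthReport {
    param([Parameter(Mandatory)][string]$SiteName)
    $path = "IIS:\Sites\$SiteName"
    $authFilter = 'system.webServer/security/authentication/'

    # Effective settings for the site (server-level defaults plus site overrides)
    $anon   = Get-WebConfiguration -Filter "${authFilter}anonymousAuthentication" -PSPath $path
    $basic  = Get-WebConfiguration -Filter "${authFilter}basicAuthentication"     -PSPath $path
    $digest = Get-WebConfiguration -Filter "${authFilter}digestAuthentication"    -PSPath $path
    $win    = Get-WebConfiguration -Filter "${authFilter}windowsAuthentication"   -PSPath $path
    $access = Get-WebConfiguration -Filter 'system.webServer/security/access'      -PSPath $path

    # sslFlags is a comma-separated flag string such as "None" or "Ssl, Ssl128";
    # the "Ssl" flag is the "Require SSL" checkbox in IIS Manager.
    $sslRequired = (($access.sslFlags -split ',\s*') -contains 'Ssl')
    $httpsBound  = $null -ne (Get-WebBinding -Name $SiteName -Protocol https)

    $findings = @()
    if ($basic.enabled -and -not $sslRequired) {
        $findings += 'Basic authentication is enabled but SSL is not required: passwords cross the wire in clear text'
    }
    if ($sslRequired -and -not $httpsBound) {
        $findings += 'SSL is required but the site has no https binding: clients cannot connect until a certificate is bound'
    }
    if ($anon.enabled -and -not ($basic.enabled -or $digest.enabled -or $win.enabled)) {
        $findings += "Only anonymous access is enabled; everything the '$($anon.userName)' account can read is public"
    }

    [pscustomobject]@{
        Site             = $SiteName
        AnonymousEnabled = [bool]$anon.enabled
        AnonymousUser    = $anon.userName      # blank means the application pool identity
        BasicEnabled     = [bool]$basic.enabled
        DigestEnabled    = [bool]$digest.enabled
        WindowsEnabled   = [bool]$win.enabled
        SslFlags         = [string]$access.sslFlags
        HttpsBinding     = $httpsBound
        Findings         = $findings
    }
}

# Remediation for the first finding: make the site refuse unencrypted connections.
function Set-RequireSsl {
    param([Parameter(Mandatory)][string]$SiteName)
    Set-WebConfigurationProperty -PSPath "IIS:\Sites\$SiteName" `
        -Filter 'system.webServer/security/access' -Name sslFlags -Value 'Ssl,Ssl128'
}

Get-Website | ForEach-Object { Get-SiteAuthReport -SiteName $_.Name } | Format-List
```

Run the report before and after calling Set-RequireSsl on a site to confirm the Basic-without-SSL finding disappears; if the site has no https binding, bind a certificate first or the site becomes unreachable.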
What We Covered
Web Authentication
Web Authorization