Protecting Web Servers
Security Fundamentals
Instructor: Don Jones
In This Lesson:
Web Authentication
Web Authorization

Web Servers
• Web servers provide resources to internal and external users, and so, like any server, need to be secured.
• This lesson will apply primarily to Microsoft’s Internet Information Server (IIS), but the concepts are applicable to all web server software.

Authentication
• While most public websites use anonymous authentication, many internal websites and even some public websites will require users to authenticate themselves.
• For anonymous authentication, the web server often has a built-in account that represents all anonymous users. The public can only access what that account is authorized to access.
• For other scenarios, an authentication protocol must be chosen. You must pick one that is compatible both with the web server and the browser software that you expect clients to use.

Authentication Protocols
• Basic: Clear-text passwords (unless over HTTPS)
• Digest
• Integrated/Windows
• Others
• Let’s see where IIS configures these…

Forcing SSL/TLS
• You can configure IIS to only accept encrypted connections by configuring the website appropriately.
• This helps protect not only the data of the website from eavesdropping, but also ensures that passwords aren’t transmitted in the clear.
• Let’s see how this is accomplished…
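
The following is an added example, not part of the original slides or of IIS itself. It ties the Authentication Protocols and Forcing SSL/TLS slides together by auditing a constructed fragment shaped like IIS's applicationHost.config and flagging any site where Basic authentication is enabled but SSL is not required. It assumes settings appear as explicit <location> overrides and does not model inheritance from server-level defaults; the site names and the audit_sites function are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like <location> overrides in IIS's
# applicationHost.config; site names and settings are made up.
SAMPLE_CONFIG = """
<configuration>
  <location path="Intranet">
    <system.webServer><security>
      <access sslFlags="Ssl" />
      <authentication>
        <basicAuthentication enabled="true" />
      </authentication>
    </security></system.webServer>
  </location>
  <location path="Legacy App">
    <system.webServer><security>
      <access sslFlags="None" />
      <authentication>
        <basicAuthentication enabled="true" />
        <windowsAuthentication enabled="true" />
      </authentication>
    </security></system.webServer>
  </location>
</configuration>
"""

def audit_sites(config_xml):
    """Map each <location> to its SSL requirement and enabled auth schemes."""
    report = {}
    for loc in ET.fromstring(config_xml).iter("location"):
        sec = loc.find("system.webServer/security")
        if sec is None:
            continue
        access = sec.find("access")
        # Assumption: no explicit sslFlags here means SSL is not required.
        flags = access.get("sslFlags", "None") if access is not None else "None"
        ssl_required = "Ssl" in [f.strip() for f in flags.split(",")]
        schemes = sorted(
            el.tag.replace("Authentication", "")
            for el in sec.findall("authentication/*")
            if el.get("enabled", "false").lower() == "true")
        # Basic sends the password unencrypted unless the site forces HTTPS.
        risky = "basic" in schemes and not ssl_required
        report[loc.get("path")] = {"ssl_required": ssl_required,
                                   "schemes": schemes, "basic_in_clear": risky}
    return report

if __name__ == "__main__":
    print(audit_sites(SAMPLE_CONFIG))
```

On a real server, inherited defaults and per-site web.config files also contribute to the effective settings, so treat a clean result from explicit overrides alone as incomplete.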

Authorization
• In IIS, users are restricted based on the permissions of the website and of their user account.
• For anonymous users, this is the general “anonymous user” configured in the website.
• Website permissions occur first, and NTFS (and other access) permissions follow.
• Let’s see how this works…
What We Covered
Web Authentication
Web Authorization