Internet Information Services (IIS) is a group of Internet services for Windows servers (including a Web or Hypertext Transfer Protocol server and a File Transfer Protocol server) with additional capabilities for Microsoft Windows NT and Windows 2000 server operating systems. As a Web-facing server, IIS is susceptible to a wide variety of attack methods.
A standard Web server is vulnerable to the same variety of attacks to an even larger degree. Every computer that needs to access the Web must have a Web server and this type of connectivity leaves it open to attack from everybody -- from your average Joe user to the world's most clever hackers.
Check out these five tips to learn how to protect your Windows network from the inherent security risks that users of Internet Information Services and Web servers face every day.
Updating user access controls as business portfolios expand can help protect confidential data. Learn how to secure user access controls and keep your greatest asset under lock and key by configuring IIS Web server permissions. SearchSecurity expert Michael Cobb tells you how.
Internet Information Services Security Journal
IIS still may not be the most secure Web server on the market, but with some careful configurations you can lock down IIS against most attacks. Learn how to secure IIS and its many related services in this IIS security journal.
Keeping your IIS server secure
Don't allow your IIS file server to remain vulnerable. Be proactive and learn how to better secure it while running Windows Server 2003.
SQL Server security: Lock it down with 10 IIS tips
Harden SQL Server security with these 10 Internet Information Server tips by Kevin Beaver, CISSP.
Step-by-Step Guide: Securing Web servers
So much business is done on the Internet that Web server security is critical to overall security. This guide shows you how to configure a Web server for security and how to test your deployment.
This was first published in May 2007