Web security benefits from Windows Server 2003

Read about the improved security of Windows Server 2003 and IIS 6.0.

After years of downplaying the security offered by Windows Server products and Internet Information Server, I think Microsoft has finally made a solid and secure move in the right direction with Windows Server 2003. Win2K3, first and foremost, is an improved and security-tweaked foundational operating system that also includes a hardened version of Internet Information Server.

Internet Information Server 6.0 on Windows Server 2003 offers one key benefit that no previous Windows server product has offered -- namely that IIS is not installed by default. If you are not specifically planning to use IIS, this is a solid security design.

Obviously, if you are planning on hosting Web sites on Windows Server 2003, IIS 6.0 is your most logical option. The second most beneficial security change for the updated NOS is that IIS 6.0 no longer runs under the security context of the system. Rather, there is a new IIS service account that has limited administrative capabilities and only enough privileges, access and user rights to perform its duties as a Web server. In addition to this, IIS 6.0 is installed initially in a hardened "locked" mode. This initial mode will only serve static resources and not execute scripts of any kind.

If you are serious about using Windows as your platform for hosting Web sites, you owe it to yourself to seriously investigate Windows Server 2003 and Internet Information Server 6.0.

About the author
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.


For more information, visit these resources:


This was first published in May 2003

Dig deeper on Windows Server Troubleshooting

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close