With the advent of the Internet, corporations can tap into the large potential customer base now connected online. The inherently open Internet has also raised security questions and spawned an array of safety requirements.
Authenticate Users
Sites need to identify and authenticate legitimate users (for example, subscribers) in order to provide them with access to information, content, and services while denying service to unauthorized users.
Resource Access Control
The security system needs fine-grained access control that allows legitimate users access to resources while protecting sensitive resources from hackers and unauthorized users.
Encrypted Communication
Corporations must be able to set up private and tamperproof communications channels over the Internet for commerce and sensitive business-to-business transactions.
Auditing and Logging
Broad auditing and logging functionality helps track site security, catch potential hackers, and deter attacks on the site.
You can apply four methods of security to your IIS computer. Users must pass these security checks before they are allowed to access a particular resource.
- IP Access – You can configure your Web server to prevent specific computers, groups of computers, or entire networks from accessing your Web server content. When a user initially tries to access your Web server content, the server checks the Internet Protocol (IP) address of the user's computer against the server's IP address restriction settings. IIS allows you to use DNS names in place of IP addresses, but performance will be significantly reduced because of the name resolution.
- User Authentication – You can configure your Web server to allow anonymous (guest) access or to require a connecting client to provide a valid Windows NT logon in order to access any resources.
- Web Permission – You can configure your Web server's access permissions—Read, Write, or Execute—for specific sites, directories, and files. These permissions will apply to all users regardless of their specific access rights. For example, you can disable the Read permissions for a particular Web site to prevent user access while you update the site's content. When a user attempts to access the restricted Web site, they will receive an “access forbidden” error message.
- File Security – IIS relies on NTFS permissions for securing individual files and directories from unauthorized access. Unlike Web server permissions, which apply to all users, you can use NTFS permissions to precisely define which users can access your content and how those users are allowed to manipulate that content.
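The four checks above, applied in the order listed, as an added example: this is a simplified Python model written for this page, not IIS code or configuration. The `Site` class, the `IUSR_GUEST` account name, the addresses, paths, and password are all constructed for illustration.

```python
import hmac
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANON = "IUSR_GUEST"  # hypothetical name for the anonymous (guest) account

@dataclass
class Site:
    denied_networks: list   # IP Access: blocked hosts or networks
    allow_anonymous: bool   # User Authentication: is guest access allowed?
    accounts: dict          # constructed user -> password table
    web_permissions: set    # Web Permission: subset of Read/Write/Execute
    ntfs_acl: dict          # File Security: path -> {user: rights}

def check_request(site, client_ip, path, action, user=None, password=None):
    """Return 'allowed' or the name of the first check that refused."""
    # 1. IP Access: compare the client address with the restriction list.
    addr = ip_address(client_ip)
    if any(addr in ip_network(net) for net in site.denied_networks):
        return "denied: IP Access"
    # 2. User Authentication: anonymous access or a valid logon.
    if user is None:
        if not site.allow_anonymous:
            return "denied: User Authentication"
        user = ANON
    else:
        expected = site.accounts.get(user)
        if expected is None or not hmac.compare_digest(expected, password or ""):
            return "denied: User Authentication"
    # 3. Web Permission: applies to every user, whatever their own rights.
    if action not in site.web_permissions:
        return "denied: Web Permission"
    # 4. File Security: per-user rights on the individual file.
    if action not in site.ntfs_acl.get(path, {}).get(user, set()):
        return "denied: File Security"
    return "allowed"

# Constructed sample site: read-only, anonymous access on, one private page.
SITE = Site(
    denied_networks=["203.0.113.0/24", "198.51.100.7"],
    allow_anonymous=True,
    accounts={"alice": "constructed-password"},
    web_permissions={"Read"},
    ntfs_acl={
        "/public/index.htm": {ANON: {"Read"}, "alice": {"Read"}},
        "/reports/q1.htm": {"alice": {"Read"}},
    },
)
```

Returning the name of the refusing check mirrors what an administrator needs when troubleshooting: a request that passes the site-wide Web permission can still be refused by the per-user file permissions.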