About Security

The limitless, exciting possibilities offered by Web publishing, such as the ability to create a small online business capable of reaching millions of customers, are tempered by genuine security risks. Today's server administrator cannot afford to ignore the importance of a robust and secure Web server.

Web Server Security

If your Web server content is available to the public, there may be a risk of intrusion. Before configuring your Web server's security features and connecting to an unsecured network, such as the Internet, you should spend time learning about server security. After all, your security configuration is crucial for protecting your Web server from unauthorized access and tampering.

Most Web server installations allow users to log on anonymously and to freely view information published on public Web or FTP sites. In fact, this type of anonymous access characterizes the unprecedented openness and flexibility associated with the Internet and large intranets. However, many Web servers also contain sensitive, private information that is not intended for viewing by public users. These conflicting requirements illustrate a central problem associated with Web server security: How does a server administrator make Web and FTP sites available to the public, while restricting access to private files and directories?

Internet Information Server's security features provide a secure and effective way for you to grant users access to public sites, while preventing unauthorized access to your private files and directories. Your Web server, which is fully integrated with the Windows NT security system, utilizes time-proven Windows NT user accounts and file access permissions for the protection of your private content.

Control Access with the Windows NT File System

With Windows NT File System (NTFS) access permissions, the foundation of your Web server's security, you can define the level of file and directory access granted to Windows NT users and groups. For example, if a home gardening business decided to store its seed catalog Web site on your Web server, you would need to create a Windows NT user account for that business and then configure permissions for the specific directory containing the Web site. The permissions would enable only the server administrator and the owner of the business to update the Web site's contents. Public users would be allowed to view the Web site, but not alter its contents.

For more details about setting NTFS permissions, see Access Control.

Identify Users with IIS

After you assign permissions to your files and directories, a user who wants to access restricted content (such as the business owner in the previous example) must have a valid Windows NT user account. You can configure your Web server's authentication, or user identification, features to prompt users for valid account information (typically, a user name and password) before connecting to restricted content. See Authentication to learn about the different ways that your Web server collects user credentials.

What is SSL?

Today, users visiting commercial Web sites are sometimes reluctant to supply a Web site with sensitive information, such as a credit card or bank account number, for fear that computer vandals will intercept this information. To address this type of security concern, beyond securing files and directories from unauthorized access, you need to effectively protect sensitive information transmitted over a network from all forms of interception and tampering.

The Secure Sockets Layer (SSL) 3.0 protocol, implemented as a Web server security feature, provides a secure and virtually impervious way of establishing an encrypted communication link with users. SSL guarantees the authenticity of your Web content, while reliably verifying the identity of users accessing restricted Web sites.

Your Web server also supports the Private Communication Technology (PCT) 1.0 protocol. Similar to SSL, PCT 1.0 includes hardy and efficient encryption features for securing communications.

Server Certificates

Unique digital identifications, called server certificates, form the basis of your Web server's SSL security features. Server certificates, obtained from a mutually trusted, third-party organization, provide a way for users to authenticate the identity of your Web site. The server certificate contains detailed identification information, such as the name of the organization affiliated with the server content, the name of the organization that issued the certificate, and a unique identification file called a public key. This information helps to assure users about the authenticity of Web server content and the integrity of the secured HTTP connection.

The public key, along with another privately held key, forms the SSL key pair. Your Web server utilizes the key pair to negotiate a secure TCP/IP connection with the user's Web browser. However, although the key pair serves a vital role in establishing a secure link, the key pair is not directly used for data encryption.

Encryption

With SSL, your server and the user's Web browser engage in a negotiating exchange – one involving the certificate and the key pair – to determine the level of encryption required for securing communications. This exchange requires that both your Web server and the user's browser be equipped with compatible encryption and decryption capabilities. The end result of the exchange is the creation (usually by the Web browser) of an encryption, or session, key. Both your server and the Web browser use the session key to encrypt and decrypt transmitted information. The session key's degree of encryption, or strength, is measured in bits. The greater the number of bits comprising the session key, the greater the level of encryption and security. Your Web server's session key is typically 40 bits long, but can be substantially longer.
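The exchange described in the Server Certificates and Encryption sections, as an added toy illustration (not Microsoft's code and not the SSL 3.0 wire protocol): the key pair only carries the session key, and the session key encrypts the data. Textbook RSA with fixed primes and a SHA-256 keystream are assumptions standing in for the real key exchange and bulk cipher, and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy server key pair: textbook RSA, no padding. The primes are the Mersenne
# primes 2**61-1 and 2**89-1, chosen only so the block runs offline.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                              # public key material (in the certificate)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, never leaves the server

def browser_make_session_key(bits=40):
    """Browser side: create a random session key of the negotiated length."""
    return secrets.token_bytes(bits // 8)

def browser_wrap_key(session_key):
    """Browser side: encrypt the session key under the server's public key."""
    return pow(int.from_bytes(session_key, "big"), E, N)

def server_unwrap_key(wrapped, bits=40):
    """Server side: recover the session key with the private key."""
    return pow(wrapped, D, N).to_bytes(bits // 8, "big")

def session_crypt(session_key, data):
    """Both sides: XOR data with a keystream derived from the session key.
    Stand-in for the real bulk cipher; the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(session_key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def demo_exchange(form_data=b"card=CONSTRUCTED-SAMPLE-0000"):
    """Run one exchange; return (what the server reads, what crossed the wire)."""
    key = browser_make_session_key()
    wrapped = browser_wrap_key(key)        # browser -> server
    wire = session_crypt(key, form_data)   # browser -> server
    server_key = server_unwrap_key(wrapped)
    return session_crypt(server_key, wire), wire

if __name__ == "__main__":
    received, wire = demo_exchange()
    print("on the wire:", wire.hex())
    print("server read:", received)
```
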

Client Certificates

With SSL, your Web server can also authenticate users by checking the contents of their client certificates: encrypted files that function similarly to conventional identifications, such as a driver's license or passport. A typical client certificate contains detailed identification information about a user and the organization that issued the certificate.

You can use client certificate authentication, along with SSL encryption, to implement a very tamper-resistant method for verifying the identity of your users. For more information, see About Client Certificates.

How to Get Started

Before configuring your Web server security, determine the level of security that you will require to protect your Web and FTP sites. For example, if you intend to create a Web site that allows special users to access private information, such as financial or medical records, then you will require a robust security configuration that can reliably authenticate designated users. In such a case, you should consider hiring the services of a computer security specialist.

Much of your Web server's security relies on your Windows NT security configuration. Without properly configuring your Windows NT security features, you cannot secure your Web server. If you have not done so already, carry out the following:

For more information, consult the Windows NT documentation. The Windows NT Resource Kit is also an excellent source for security information.

As part of your security configuration, you should also convert your hard disk partition to a Windows NT File System (NTFS) partition. NTFS hard disk partitions offer precise file and directory access control, and save information more efficiently than File Allocation Table (FAT) partitions. You can use the Windows NT Convert utility to convert a hard disk partition to NTFS. For more information, consult your Windows NT documentation.

Next, determine which files and directories will be publicly available to users visiting your Web and FTP sites. Keep public and restricted content in separate directories.

To get started configuring your Web server's security, see About Access Control for information about properly configuring anonymous Web server access.

For additional information about Windows NT and network security issues, visit the Microsoft security Web site at http://www.microsoft.com/security.


© 1997 by Microsoft Corporation. All rights reserved.