About Access Control

Properly controlling access to your Web and FTP content is crucial for running a secure Web server. With Windows NT and your Web server’s security features, you can effectively control how users access your Web and FTP content.

Anonymous Access

Anonymous access, the preferred access control method for most Web server installations, allows users to visit your public Web sites while preventing unauthorized users from gaining access to your Web server’s critical administrative features. When your Web server receives an anonymous logon request, the server will attempt to log on the user with an anonymous or guest account, which is a valid Windows NT user account. This account has security restrictions, determined by your Windows NT File System (NTFS) permissions, that limit the type of Web content anonymous users can access. For example, if you imagine your Web server as a museum, enabling anonymous access is like inviting the public to visit the museum’s public galleries and exhibits. However, as the prudent manager of the museum, you would probably lock particular rooms, such as offices and laboratories, that you did not want to let the public visit. Similarly, when you configure anonymous access for your Web server, you can apply NTFS permissions to prevent ordinary users from accessing private files and directories. For more information about NTFS permissions, read the paragraph below detailing Windows NT File System Permissions.

By default, your Web server will log on all users through the anonymous account. During installation, your server creates a special anonymous user account called IUSR_computername. For example, if your computer name is SalesDept1, then the anonymous account name is IUSR_SalesDept1. Each Web site on your server can use either the same or different anonymous user logon accounts. With the Windows NT User Manager for Domains utility, you can create a new “anonymous logon” user account. For more information, see Configuring the Anonymous Access Account.

The Access Control Process

You can control user access to your Web server content by properly configuring your Windows NT and Web server security features. When a user attempts to access your Web server, the server carries out several access control processes to identify the user and determine the allowed level of access.

Computer Access Restrictions

You can configure your Web server to prevent specific computers, groups of computers, or entire networks from accessing your Web server content. When a user initially tries to access your Web server content, the server checks the IP address of the user’s computer against the server’s IP address restriction settings. You can configure these settings to grant access to all computers, except for specific computers that are to be denied access (for example, you can prevent a malicious individual from accessing your Web server). Alternatively, you can deny access to all computers, except for specific computers to which you want to grant access. For more information, see Granting and Denying Access to Computers.

Web Server Permissions

You can configure your Web server's access permissions, such as Read, Write, or Execute, for specific sites, directories, and files. These permissions apply to all users regardless of their specific access rights. For example, you can disable the Read permissions for a particular Web site to prevent user access while you update the site's content, so that when a user attempts to access the Web site, your server returns an “access forbidden” error message. However, when you enable the Read permission you allow all users to view your Web site, unless Windows NT File System (NTFS) permissions restrict which users can view the site. For more information, see Setting Web Server Permissions.

Windows NT File System Permissions

Internet Information Server relies on Windows NT File System (NTFS) permissions for securing individual files and directories from unauthorized access. Unlike Web server permissions, which apply to all users, you can use NTFS permissions to precisely define which users can access your content and how those users are allowed to manipulate that content.

NTFS has five standard types of permissions:

You can use Windows NT Explorer to define a list of permissions, also known as an access control list (ACL), for individual files or directories. When you define this list, you select a particular Windows NT user account or user group, and then specify an access permission for that user or group. For example, the following table illustrates the contents of a restricted file’s permission list:

Windows NT User Account or User Group    Permissions
MYSERVER\Administrators                  Full Control
MYSERVER\JeffSmith                       Change
MYSERVER\Guests                          No Access

Aside from the Administrator, only the account named JeffSmith has permission to make changes to this file. Ordinary users logged on as members of the Windows NT Guest group would be explicitly denied access to this file.

After you set NTFS permissions, your Web server needs a way to identify, or authenticate, users prior to granting access to restricted files. You can configure your server’s authentication features to require users to log on with a valid Windows NT account user name and password. For more information, see About Authentication.

For procedural information, see Securing Your Files with NTFS and Setting Access Permissions for a Directory or File.
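
The following added example is a simplified model of the layered checks described in this section; it is not code from Internet Information Server. It evaluates the IP address restriction, then the Web server permission, then the NTFS permission list from the table above, and reports the first layer that refuses the request. The addresses, directory names, the IUSR_MYSERVER account and its Guests membership are constructed assumptions.

```python
import ipaddress

# Constructed sample configuration (hypothetical values, not from a real server).
IP_POLICY = {"default": "grant", "exceptions": ["192.0.2.15", "198.51.100.0/24"]}
# Web server permissions per directory; they apply to every user alike.
WEB_PERMISSIONS = {"/reports": {"read"}, "/staging": set()}  # Read disabled on /staging
# Permission list of the restricted file shown in the table above.
ACL = {"MYSERVER\\Administrators": "Full Control",
       "MYSERVER\\JeffSmith": "Change",
       "MYSERVER\\Guests": "No Access"}
# Simplification for this model: both permissions reduce to read and write.
RIGHTS = {"Full Control": {"read", "write"}, "Change": {"read", "write"}}

def ip_allowed(addr, policy):
    """Default grant: listed computers are denied. Default deny: only listed ones pass."""
    ip = ipaddress.ip_address(addr)
    listed = any(ip in ipaddress.ip_network(e, strict=False) for e in policy["exceptions"])
    return (not listed) if policy["default"] == "grant" else listed

def ntfs_allowed(principals, op, acl):
    """A No Access entry for the account or any of its groups overrides every grant."""
    entries = [acl[p] for p in principals if p in acl]
    if "No Access" in entries:
        return False
    return any(op in RIGHTS[e] for e in entries)

def check_access(addr, directory, op, principals, acl=ACL):
    """Return 'granted' or the name of the first layer that refuses the request."""
    if not ip_allowed(addr, IP_POLICY):
        return "denied: IP address restriction"
    if op not in WEB_PERMISSIONS.get(directory, set()):
        return "denied: Web server permission"
    if not ntfs_allowed(principals, op, acl):
        return "denied: NTFS permission"
    return "granted"

if __name__ == "__main__":
    # Assumption: the anonymous account is a member of the Guests group.
    anon = {"MYSERVER\\IUSR_MYSERVER", "MYSERVER\\Guests"}
    jeff = {"MYSERVER\\JeffSmith"}
    for who, args in [("anonymous", ("203.0.113.7", "/reports", "read", anon)),
                      ("JeffSmith", ("203.0.113.7", "/reports", "read", jeff)),
                      ("JeffSmith", ("203.0.113.7", "/reports", "write", jeff)),
                      ("JeffSmith", ("198.51.100.9", "/reports", "read", jeff))]:
        print(who, args[:3], "->", check_access(*args))
```

The third request shows that a Web server permission binds even a user whose NTFS permission would allow the operation: JeffSmith holds Change on the file, but the directory exposes only Read.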

Guidelines for Controlling Access

The likelihood of your Web server becoming susceptible to a security threat can be reduced by following several basic, commonsense security guidelines. When implemented with a judicious access control policy and properly configured security features, these guidelines can help you achieve a reliable security configuration.

Note   For highly sensitive security applications, such as those involving the financial and banking industries, you should seek the assistance of a professional security consulting firm. A consulting firm can assist in setting up proper security policies and procedures.

To properly safeguard Web server content, your security practices should include the following guidelines:

Maintain a Strong Password Policy

Unauthorized individuals can gain access to your Web server by stealing or guessing user account passwords. You must make sure that all passwords, especially those used for protecting Administrative privileges, are difficult to guess. To select strong passwords, use the following guidelines:

Limit Access to Web Server Administrative Privileges

Be sure to limit the access to your Web server’s Administrators group. Members of the Administrators group have complete control over your entire Web server and its security features. Use the following practices for controlling membership of the Administrators group:

Maintain Strict Account Policies

Use Windows NT User Manager for Domains to specify user rights policies for Windows NT user groups. User rights policies define the Web server administrative actions that a user can perform. For example, you can establish a policy that ensures that public users do not have the right to remotely shut down your Web server. As a rule, try to establish very restrictive user rights policies in order to avoid accidentally giving users the ability to alter your Web server and its resources.


© 1997 by Microsoft Corporation. All rights reserved.