For many web admins this may be the most important chapter and the most confusing. The concept of security makes sense, but the process can be a little complicated. This is a chapter that you’ll want to refer back to often when setting security for your websites.
I’ve run across many websites in IIS where it was clear that the admin didn’t understand how to set up proper security and left the defaults in place. IIS is secured by default, but many admins aren’t closing all the possible security holes and thus aren’t providing a well-secured platform.
Is this important? Yes. Web servers are the primary targets for hackers trying to gain access to your company. Good security means you probably won’t have a problem. Bad or complacent security makes your websites a target.
This chapter focuses on the different authentication methods, controlling who can access your websites, and how best to secure the filesystem permissions for your web pages. I mention some additional services for special cases along the way.
I hope you have a vitamin-enriched lunch prepared for today because you’re going to need all your mental power. Let’s get started.