- Maximizing Certificate Services Implementations
- Securing Certificate Services
- Getting the Most Out of Smartcards
- Tips and Tricks for Securing Access to the Network
- Creating a Single Sign-on Environment
- Securing Access to Web Servers and Services
- Protecting Certificate-based Services from Disaster
- Integrating Smartcards with Personal Devices
Securing Access to Web Servers and Services
Using the smartcard to store the user's credentials to access any number of Web-based servers and services can greatly reduce the risk of impersonation. Ensuring the user is using two-factor authentication also allows for better tracking and auditing of network resource access.
Locking the Doors
By locking down access to IIS 6.0 Microsoft has created a more secure by default design. The baseline security of the server enables you to decide which virtual doors to open to outside users of the Web-based applications.
Directory access is a primary concern with both Web and locally accessed file-based applications. Administrators must create the proper groups and grant those groups the appropriate level of access to the resources. Granting execute access to the appropriate directories where applications are contained is fundamental in securing the company's Web-based applications.
Hiding the Keys
If the keys to the kingdom are hanging on a hook next to the front gate things are not very secure. Hackers know very well where applications are open. By moving things around a little bit it makes the opposition work a bit harder in compromising your network.
Moving ports can make port scanning less effective in finding which services are running on the network servers. All applications are listening on well-known TCP ports. Examples of common ports are as follows:
People who want to listen in to your network conversations can do this very easily. Now, what they get to listen to is up to you. Renumbering ports and encrypting the data going back and forth between the client and the server is a good way to keep people from eavesdropping.