This chapter is from the book

Securing Access to Web Servers and Services

Using the smartcard to store the user's credentials for any number of Web-based servers and services can greatly reduce the risk of impersonation. Requiring two-factor authentication also allows for better tracking and auditing of network resource access.

Locking the Doors

By locking down access to IIS 6.0, Microsoft has created a more secure-by-default design. The baseline security of the server lets you decide which virtual doors to open to outside users of the Web-based applications.

Directory access is a primary concern for both Web-based and locally accessed file-based applications. Administrators must create the proper groups and grant those groups the appropriate level of access to the resources. Granting execute access to the appropriate directories, those in which the applications are contained, is fundamental to securing the company's Web-based applications.

Hiding the Keys

If the keys to the kingdom are hanging on a hook next to the front gate, things are not very secure. Hackers know very well where applications are normally exposed. Moving things around a little makes the opposition work harder to compromise your network.

Moving ports can make port scanning less effective at finding which services are running on the network servers. By default, applications listen on well-known TCP ports. Examples of common ports are as follows:

  • 21 FTP
  • 23 Telnet
  • 25 SMTP
  • 80 HTTP
  • 110 POP3
  • 443 SSL (HTTPS)

Requiring SSL

People who want to listen in on your network conversations can do so very easily. What they get to hear, however, is up to you. Renumbering ports and encrypting the data going back and forth between the client and the server is a good way to keep people from eavesdropping.
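As an added example (not from the book), here is a Python check an administrator can run over the raw response a site returned to a plain http:// request, to confirm that the "require SSL" setting is actually enforced. IIS reports a "Require secure channel" refusal as status 403 with substatus 403.4 ("SSL required"); other servers typically redirect to an https:// URL. The sample responses are constructed, not captured from a real server.

```python
"""Verify that a Web site refuses plain HTTP (added example, not from the book).

Given the raw response a server returned to an http:// request, decide whether
it enforced SSL. IIS reports a "Require secure channel" refusal as status 403
with substatus 403.4 ("SSL required"); many servers instead redirect to https://.
Either counts as enforcing SSL; a 2xx answer means content went out in the clear.
"""
from typing import NamedTuple


class SslCheck(NamedTuple):
    status: int          # HTTP status code from the status line
    enforces_ssl: bool   # True if the server refused or redirected to HTTPS
    reason: str          # short explanation for the audit log


def parse_response(raw: str) -> tuple[int, dict[str, str], str]:
    """Split a raw HTTP/1.x response into (status code, lowercased headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    status_line, *header_lines = head.split("\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def check_ssl_required(raw_response: str) -> SslCheck:
    """Classify one plain-HTTP response: did the server insist on SSL?"""
    status, headers, body = parse_response(raw_response)
    location = headers.get("location", "")
    if status == 403 and "403.4" in body:
        return SslCheck(status, True, "IIS 403.4: SSL required for this resource")
    if status in (301, 302, 303, 307, 308) and location.lower().startswith("https://"):
        return SslCheck(status, True, f"redirected to {location}")
    if 200 <= status < 300:
        return SslCheck(status, False, "content served over plain HTTP")
    return SslCheck(status, False, f"status {status}: review manually")


# Constructed sample responses (not captured from any real server).
IIS_REFUSAL = ("HTTP/1.1 403 Forbidden\r\nServer: Microsoft-IIS/6.0\r\n"
               "Content-Type: text/html\r\n\r\n"
               "<html>HTTP Error 403.4 - Forbidden: SSL is required.</html>")
REDIRECT = "HTTP/1.1 302 Found\r\nLocation: https://intranet.example/\r\n\r\n"
CLEARTEXT = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>payroll</html>"

if __name__ == "__main__":
    for name, raw in (("iis", IIS_REFUSAL), ("redirect", REDIRECT), ("clear", CLEARTEXT)):
        print(f"{name:8} {check_ssl_required(raw)}")
```

A 200 result for a site that is supposed to require SSL means the setting is missing on that virtual directory and the data is crossing the wire in cleartext.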
