Go back to the Delta Guide Home Page. Download this article as a PDF file.

IIS Security Overview

In recent years, IIS has gained quite a reputation for itself. Unfortunately, a big part of that reputation is for a lack of security. IIS 6 purports to solve many of IIS's security problems, but will it really? To help answer that question, we've compiled a list of the many reasons IIS is considered insecure in the first place. Use this list to place IIS's reputation into a practical context, and think about what IIS 6 is doing to address these concerns:

All in all, IIS 6 is likely to cause fewer security problems out of the box, simply because it won't be on every Windows Server 2003 box in existence. Hopefully, administrators will refrain from deploying IIS until they're familiar with the risks and the necessary precautions. And hopefully Microsoft's Secure Computing initiative will prove to be more than just lip service paid to a popular cause. In the end, we probably won't know how secure IIS 6 is until IIS 7 is ready to ship because subtle security flaws can often take a long time to surface. IIS 6 should, however, show us whether Microsoft is on the right track to producing a more secure and stable Web server product.

© Copyright Pearson Education. All rights reserved.

Go back to the Delta Guide Home Page. Download this article as a PDF file.