The security architecture of Windows NT Server is used across all system components, with authentication tied to controlled access to all system resources. IIS integrates into the Windows NT security model and operating system services such as the file system and directory. Because IIS uses the Windows NT Server user database, administrators do not need to create separate user accounts on every Web server, and intranet users need only to log on to their network once. IIS automatically uses the same file and group permissions as the existing file, print, and application servers.
Some Web servers install their own security implementations on top of the operating system, creating additional overhead and potential security exposure due to lack of integration and synchronization. Windows NT Server is secure by design. Files and system objects can only be accessed with the proper permissions. User and group accounts are managed by a globally unique identification. When accounts are deleted, all access permissions and group memberships are deleted. So even if a new account is created using a previous user name, none of the permissions are inherited.
Permissions to control access files and directories can be set graphically, because IIS uses the same Windows NT Server Access Control Lists (ACLs) as all other Windows services, such as file sharing or Microsoft SQL ServerTM permissions. Permissions for the Web server are not separate from other file services, so the same files can be securely accessed over other protocols, such as FTP, CIFS/SMB, or NFS without duplicating administration.Administrators do not need to maintain multiple sets of user databases, and all of the services for literally hundreds of intranet servers can be managed from a single graphical tool.
IIS produces standard Web server access logs to analyze usage. Integration with Windows NT Server also means IIS can take advantage of system auditing for more secure monitoring of resource use. For example, failed attempts to access a secure file can be recorded in the Windows NT Event Log, and audited with the same tools used for managing existing servers.
|
IMPORTANT CONCEPTS |
|
| ACCESS CONTROL LIST | A list of access control entries (ACEs) specifying account holders in a network setting. Microsoft uses the access control list to facilitate approval or denial of access to some, or certain, resources on the network (restrict access through DACL or audit access through SACL). |
| FILE TRANSFER PROTOCOL (FTP) | Application protocol, part of the TCP/IP protocol stack, used for transferring files between network nodes. FTP is defined in RFC 959. |
| NETWORK FILE SYSTEM (NFS) | As commonly used, a distributed file system protocol suite developed by Sun Microsystems that allows remote file access across a network. In actuality, NFS is simply one protocol in the suite. NFS protocols include NFS, RPC, XDR (External Data Representation), and others. These protocols are part of a larger architecture that Sun refers to as ONC, which is Open Network Computing. |
| SECURE SOCKET LAYER |
The SSL protocol provides communications privacy, authentication, and message integrity by using a combination of public-key and symmetric encryption. By using this protocol, clients and servers can communicate in a way that prevents eavesdropping, tampering, or message forgery. |
| SQL | Structured Query Language; often refers to a database (DB) application developed by Microsoft which manages data either as a standalone application or more usually a network application. When used in conjunction with IIS4 or IIS5, this application manages information or data over the internet, intranet, or LAN. |