Академический Документы
Профессиональный Документы
Культура Документы
Module
Overview
• The FTP Service
• Virtual Servers and Directories
• Types of FTP Property Sheets
• Configuring the FTP Service
Application
ApplicationLayer
Layer Application Layer
Cache Application Layer
Cache
HTTP FTP Gopher File
HTTP FTP
System
Windows Sockets
Windows Sockets
Network
NetworkInterface
Interface Network
NetworkInterface
Interface
jingyu November 1998 1-4
Internet Information Server
Virtual Servers and Directories
e e
ftp.karl.com
e
ftp.yukiko.com
e
ftp.maria.com
FTP Site
FTP Site
Security Accounts
Messages
Home Directory
-MS-DOS
150 Opening ASCII mode data connection for /bin/ls
02-26-99 11:45am <DIR> ftptest
11-15-99 8:45pm 4500693 iis.log
226 Transfer complete
Directory Security
System
CurrentControlSet
Services
MSFTPSVC
Parameters
Useful Resource
P121
Review
• The FTP Service
• Virtual Servers and Directories
• Types of FTP Property Sheets
• Configuring the FTP Service
Examples
• You setup a FTP site and setup a virtual directory
and set the list to UNIX .afterwards not all users
can access it why?
Assign NTFS rights
Set listing style to MS-DOS
examples
Module 4
The End
Module
•Objective
—provide an overview of the security
features of IIS
—demonstrate the various Internet-
related security features
—determine the best security
configuration for a specify Web server
jingyu November 1998 1 - 26
Internet Information Server
•User Authentication
•IP or Domain name restriction
•NTFS
•SSL
•Anonymous
•basic
•NT Challenge/response
Anonymous Access
Basic
NT Challenge/response
Name:
Password:
Name:
Xxxx
Password:
xxxxxxxx
Authentication Methods
Message Message
Symmetry Cryptography
Alice Bob
Crypt Data
“Hello Bob” “Hello Bob”
Encrypt Decrypt
Sender Recipient
Send
Digital Sender uses Recipient
Envelope Recipient’s uses Own
Public Key Private Key
jingyu November 1998 1 - 41
Internet Information Server
Digital Certificates
Certificate contains
the recipient’s
identification and
public key
Signed with CA
Private Key which
I.D.
validates this
certificate
SSL
SERVICE
SMTP HTTP Telenet FTP NNTP
Secure Sockets layer
TCP/IP
3
Browser 40 bit or 128 bit? Web Server
e
4 5
6
jingyu November 1998 1 - 44
Internet Information Server
Review
• Windows NT Server Security
Recommendations
• Security Requirements for Internet
Servers
• Access Control with IIS
• Securing Communication with IIS
Useful Resource
P191
Examples
• How can you maximize the performance if
you using SSL
Add more RAM
Increase CPU
Fast HD
Use SSL Certificate
examples
• You want to get the most performance out
of your IIS Server .what is the best way to
secure sensitive directories?
Enable SSL only when required
Enable SSL all the time
Use the client certificate
Move SSL directories to a separate PC
Examples
• If you secure the access to a web page using
SSLhow must you change the URL in order
to access the secured page?
http://
httpssl://
https://
Examples
• Colton needs to limit the access to this web site to only those hosts
on his intranet. All the hosts on his intranet have IP addresses
between 200.1.1.0 and 200.1.1.63. Using IP and Domain Name
Restrictions,Colton selects Group and enters the first IP address
in the IP field.what must he enter in the Subnet Mast field.
• 255.255.255.0
• 255.255.255.128
• 255.255.255.192
• 255.255.255.224
• 255.255.255.240
examples
• Susan logs onto a sensitive web and it is set up
to use Basic Authentication.what is Encrypted?
Password and data
Password is encrypted,data is not
Data is encrypted,Password isn’t
Neither password nor data
examples
• Susan logs onto a sensitive web and it is set up
to use Basic Authentication.what is Encrypted?
Password and data
Password is encrypted,data is not
Data is encrypted,Password isn’t
Neither password nor data
examples
• You set up a web site on your intranet .clients use different
browsers.when some clients try to access pages they receive
an error message like”Error 401.2,browser does not support
required encrypted method…”
Browser does not support SSL
Site server using NT Challenge/Reponse authentication
method
examples
• One client can’t reach web site but another can with
web browser?
• Install capable browser
• Two sets of users access your site ,some intranet and
some internet .the external use browsers that cannot
access NT Challenge/response,how do you set up your
site for access both?
• Basic authentication
Module 5
The End