Internet Information Server: Implementing FTP Service

Internet Information Server
Module
Implementing FTP Service

jingyu November 1998
4 1-1
Implementing FTP Service

•Objective
—describe the various features of the FTP
service
—explain the function of the property sheets
associated with FTP service
—demonstrate how to configure the service
—establish a FTP service using the ISM snap-in
—configure the service property sheet
jingyu November 1998 1-2

Overview
• The FTP Service
• Virtual Servers and Directories
• Types of FTP Property Sheets
• Configuring the FTP Service

The FTP Service
Client
Client Internet
Internet Site
Site
Application
ApplicationLayer
Layer Application Layer
Cache Application Layer
Cache
HTTP FTP Gopher File
HTTP FTP
System
Windows Sockets
Windows Sockets
TCP UDP Transport Layer TCP UDP Transport Layer
IP Internet Layer IP Internet Layer
Network
NetworkInterface
Interface Network
NetworkInterface
Interface
Virtual Servers and Directories
e e
ftp.karl.com
e
ftp.yukiko.com
e
ftp.maria.com
Virtual Servers Virtual Directories

Configuring the FTP Service

• FTP Site
• Security Accounts
• Messages
• Home Directory
• Directory Security

Create an FTP Site

FTP Site

FTP Site
Disconnect a current session

Security Accounts
jingyu November 1998 1 - 10

Allow only anonymous connections
FTP Site permit only anonymous users,

but it can prevent users try to connect the
site use their own account and password.

Messages

Home Directory

Home Directory
•Configure List format
-UNIX
150 Opening ASCII mode data connection for /bin/ls
dr-xr-xr-x 1 owner group 0 Feb 26 11:45 ftptest
-r-xr-xr-x 1owner group 4500693 Oct 15 20:45 iis.log
226 Transfer complete
-MS-DOS
150 Opening ASCII mode data connection for /bin/ls
02-26-99 11:45am <DIR> ftptest
11-15-99 8:45pm 4500693 iis.log
226 Transfer complete

Directory Security

Create Virtual Directory
•Create Virtual Directory

•List Virtual Directory in
Directory List

Make Annotate on Directory

HKEY_LOCAL_MACHINE
System
CurrentControlSet
Services
MSFTPSVC
Parameters

Make Annotate on Directory

•Create AnnotateDirectories TYPE = DWOR
D
•Set AnnotateDirectories=1
•net stop MSFTPSVC
•net start MSFTPSVC
•In Explore ,create a file name ~ftpsvc~.ckm

Lab 4: Configuring the FTP Service

Useful Resource
P121

Review
• The FTP Service
• Virtual Servers and Directories
• Types of FTP Property Sheets
• Configuring the FTP Service

Examples
• You setup a FTP site and setup a virtual directory
and set the list to UNIX .afterwards not all users
can access it why?
Assign NTFS rights
Set listing style to MS-DOS

examples

Module 4
The End

Module
Implementing Security Features

jingyu November 1998
5 1 - 25
•Implementing Security Features
•Objective
—provide an overview of the security
features of IIS
—demonstrate the various Internet-
related security features
—determine the best security
configuration for a specify Web server
Security Features in IIS
•User Authentication
•IP or Domain name restriction
•NTFS
•SSL

Three Authentication Methods
•Anonymous
•basic
•NT Challenge/response

Anonymous Access
Users do not supply a username and pas

sword to access unprotected resources. Inst
ead, IIS uses a special guest account (IUS
R_<Computername>) as the logon account
and uses this account to open resources for
the connected user.

Basic
Browsers will prompt the user for a name

and password during the authentication
process. The user account and password are
sent unencrypted from the Web browser to
the server.

NT Challenge/response
NT challenge/response does not

transmit an actual passwords across the
network.Instead,the server engages in a
cryptographic exchange with the Web
browser to prove the correctness of the
supplied password.
NT Challenge/response takes precedence
over Basic authentication.

Anonymous Access and Authentication Control
 Anonymous Access has user-applied restrictions
 Authentication Control denies access and then queries

the user for authentication
Name:
Password:
Name:
Xxxx
Password:
xxxxxxxx

Authentication Methods

Web Server Permissions for Files and Directories

NTFS Permissions
Five standard types of permissions:
 Full Control
 No Access
 Read Only
 Change
 Special Access

IP Access and Domain Name Restrictions

IP Access and Domain Name restrictions

子网地址的最后数字范围内的地址数
128 （ 10000000 ） 128
192 （ 11000000 ） 64
224 （ 11100000 ） 32
240 （ 11110000 ） 16
248 （ 11111000 ） 8
252 （ 11111100 ） 4
254 （ 11111110 ） 2
255 （ 11111111 ） 1 （不用）

Securing Communication with IIS
• How Encryption Works

• Public Key Cryptography
• Digital Certificates
• How SSL Works
• Using SSL with IIS

How Encryption Works
Message Message
Private Key Public Key

to Encrypt to Decrypt

Symmetry Cryptography
Alice Bob
Crypt Data
“Hello Bob” “Hello Bob”
Encrypt Decrypt

Public Key Cryptography
Digital Sign
ature
Sender uses Recipient

Own Private Send uses Sender’s
Key Public Key
Sender Recipient
Send
Digital Sender uses Recipient
Envelope Recipient’s uses Own
Public Key Private Key
Digital Certificates
Certificate contains
the recipient’s
identification and
public key
Signed with CA
Private Key which
I.D.
validates this
certificate

SSL
SERVICE
SMTP HTTP Telenet FTP NNTP
Secure Sockets layer
TCP/IP

How SSL Works
1
3
Browser 40 bit or 128 bit? Web Server
e
4 5
6
Lab 6: Restricting Access to a Web Site

Review
• Windows NT Server Security
Recommendations
• Security Requirements for Internet
Servers
• Access Control with IIS
• Securing Communication with IIS

Useful Resource
P191

Examples
• How can you maximize the performance if
you using SSL
Add more RAM
Increase CPU
Fast HD
Use SSL Certificate

examples
• You want to get the most performance out
of your IIS Server .what is the best way to
secure sensitive directories?
Enable SSL only when required
Enable SSL all the time
Use the client certificate
Move SSL directories to a separate PC

Examples
• If you secure the access to a web page using
SSLhow must you change the URL in order
to access the secured page?
http://
httpssl://
https://

Examples
• Colton needs to limit the access to this web site to only those hosts
on his intranet. All the hosts on his intranet have IP addresses
between 200.1.1.0 and 200.1.1.63. Using IP and Domain Name
Restrictions,Colton selects Group and enters the first IP address
in the IP field.what must he enter in the Subnet Mast field.
• 255.255.255.0
• 255.255.255.128
• 255.255.255.192
• 255.255.255.224
• 255.255.255.240

•Examples
• Zachary wants to create a web site to which the public is not
allowed access.Instead,only the internal hosts that fall within a
specified IP address range can get to it .he sets the IP and
Domain Restriction specifications to an IP address of 192.2.2.0
and the subnet Mask to255.255.255.240.which host address
can access Zachary’s site?
• 192.2.2.0 through 192.2.2.3
• 192.2.2.0 through 192.2.2.7
• 192.2.2.0 through 192.2.2.15
• 192.2.2.0 through 192.2.2.31
• 192.2.2.0 through 192.2.2.61

examples
• Susan logs onto a sensitive web and it is set up
to use Basic Authentication.what is Encrypted?
Password and data
Password is encrypted,data is not
Data is encrypted,Password isn’t
Neither password nor data

examples
• Susan logs onto a sensitive web and it is set up
to use Basic Authentication.what is Encrypted?
Password and data
Password is encrypted,data is not
Data is encrypted,Password isn’t
Neither password nor data

examples
• You set up a web site on your intranet .clients use different
browsers.when some clients try to access pages they receive
an error message like”Error 401.2,browser does not support
required encrypted method…”
 Browser does not support SSL
 Site server using NT Challenge/Reponse authentication
method

examples
• One client can’t reach web site but another can with
web browser?
• Install capable browser
• Two sets of users access your site ,some intranet and
some internet .the external use browsers that cannot
access NT Challenge/response,how do you set up your
site for access both?
• Basic authentication

Module 5
The End

Internet Information Server: Implementing FTP Service

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Internet Information Server: Implementing FTP Service

Загружено:

Авторское право:

Доступные форматы

Internet Information Server

Implementing FTP Service

Implementing FTP Service

jingyu November 1998 1-2

jingyu November 1998 1-3

TCP UDP Transport Layer TCP UDP Transport Layer

IP Internet Layer IP Internet Layer

Virtual Servers Virtual Directories

Configuring the FTP Service

jingyu November 1998 1-6

Create an FTP Site

jingyu November 1998 1-7

jingyu November 1998 1-8

Disconnect a current session

jingyu November 1998 1-9

jingyu November 1998 1 - 10

Allow only anonymous connections

FTP Site permit only anonymous users,

jingyu November 1998 1 - 11

jingyu November 1998 1 - 12

jingyu November 1998 1 - 13

jingyu November 1998 1 - 14

jingyu November 1998 1 - 15

Create Virtual Directory

•Create Virtual Directory

jingyu November 1998 1 - 16

Make Annotate on Directory

jingyu November 1998 1 - 17

Make Annotate on Directory

jingyu November 1998 1 - 18

Lab 4: Configuring the FTP Service

jingyu November 1998 1 - 19

jingyu November 1998 1 - 20

jingyu November 1998 1 - 21

jingyu November 1998 1 - 22

jingyu November 1998 1 - 23

jingyu November 1998 1 - 24

Implementing Security Features

Security Features in IIS

jingyu November 1998 1 - 27

Three Authentication Methods

jingyu November 1998 1 - 28

Users do not supply a username and pas

jingyu November 1998 1 - 29

Browsers will prompt the user for a name

jingyu November 1998 1 - 30

NT challenge/response does not

jingyu November 1998 1 - 31

 Authentication Control denies access and then queries

jingyu November 1998 1 - 32

jingyu November 1998 1 - 33

Web Server Permissions for Files and Directories

jingyu November 1998 1 - 34

jingyu November 1998 1 - 35

jingyu November 1998 1 - 36

IP Access and Domain Name restrictions

jingyu November 1998 1 - 37

Securing Communication with IIS

• How Encryption Works

jingyu November 1998 1 - 38

Private Key Public Key

jingyu November 1998 1 - 39