IIS Articles

Introduction to IIS 6.0 on Windows Server 2003
· 3

Welcome to the first installment of Internet Information Services 6.0 on Windows Server 2003. I have decided to write this series of articles aimed at Internet Information Services 6.0 on Windows Server 2003 as both a refresher for the IT professional that is familiar with designing and administrating IIS 4 and 5 as well as allowing some of the newcomers to the service to get their feet wet so to speak.

Reading Your IIS Log Files with ColdFusion

Have you ever wanted to parse through your IIS web logs to create a “WebTrends” like application in ColdFusion?

Authentication in IIS

We often think about security measures as ways of protecting resources by preventing access to them. The need for authentication arises because, in the real world, keeping people out of protected areas is only half the battle. Authentication is about letting certain people (or processes) in, while keeping everyone else out. In practice, this usually means some people are going to have to be given secrets (passwords) that will form part of the credentials they need to present in order to gain access to protected resources. But since, as the old saying goes, the best way to keep a secret is not to, the distribution and exchange of access-providing secrets inevitably raises the level of risk to a secure system. A major goal of authentication, from a security point of view, is minimizing that risk – especially when users are being authenticated remotely, over publicly-accessible networks. Authentication is the process of poking minimally risky holes in one’s security.

Create FTP and Web IIS Virtual Directory Using C#

In this example we will create a Windows Form Project that will create new FTP and Web IIS Virtual Directories from code based on the name and path specified by the user. You can create virtual directories on the local computer by specifying the server name as “localhost” or you can create the virtual directory on a remote computer by specifying the machine name.

NetCat Security

Netcat is a utility that is able to write and read data across TCP and UDP network connections. If you are responsible for network or system security it essential that you understand the capabilities of Netcat. Netcat can be used as port scanner, a backdoor, a port redirector, a port listener and lots of other cool things too. It’s not always the best tool for the job, but if I was stranded on an island, I’d take Netcat with me. During this tutorial I’ll demonstrate a complete hack, using Netcat only, just to point out how versatile it is.

Using Web DAV with IIS 5.0

The basic purpose of WebDAV is to provide file I/O through HTTP. This permits your to load, edit, delete, create subdirectories, and basically manage files located on the Web Server from the client desktop. Of course, MS has several products that already permit remote manipulation of remote websites.

Introduction to WAP using WML, ASP and PHP
· 4

By Jean-Baptiste Minchelli

As technology changes, so do the tools that we use to manipulate it. Today the Internet is available from a number of devices, both connected and portable.

Mask Your Web Server for Enhanced Security

Masking or anonymizing a Web server involves removing identifying details that intruders could use to detect your OS and Web server vendor and version. This information, while providing little or no utility to legitimate users, is often the starting place for crackers, blackhat hackers and “script kiddies”.

Ten Ways to Make the Most of IIS

As an IIS administrator it sometimes gets downright annoying having to fend off all the insults from Apache admins I meet claming innate server superiority. Generally the discussion about Web administration starts first with all the various security holes plaguing IIS and the negative press the platform garnered over the last year.

IIS Workflow Described

IIS order of Operations

Contceptually, IIS has three processing stages:

  1. Decoding the target (web page) of the request

  2. Serving the request

  3. Finishing the request, which includes logging