Because NT systems are easy to maintain, more and more SMEs use them for their own websites and internal office management systems, and many of them use the default IIS as the web server. We cannot deny that several of the vulnerabilities that have recently threatened NT systems were caused by improper IIS configuration, and it is foreseeable that many new IIS vulnerabilities and security issues will be found in the future. Still, with a reasonable security configuration we can avoid many of these hazards. This article does not cover comprehensive, secure IIS configuration systematically; it only describes how to encrypt the HTTP channel in IIS to strengthen IIS security.
First, establish the SSL security mechanism
Besides anonymous access, basic authentication and Windows NT challenge/response, IIS supports a more secure form of authentication: digital certificates used through the SSL (Secure Sockets Layer) security mechanism. SSL sits between the HTTP layer and the TCP layer and establishes encrypted communication between the user and the server to protect the information in transit. SSL works on the basis of a public key and a private key: any user can obtain the public key to encrypt data, but decrypting that data requires the corresponding private key. When the SSL security mechanism is used, the client first establishes a connection with the server. The server sends its digital certificate, together with the public key, to the client. The client randomly generates a session key, encrypts it with the public key obtained from the server, and sends the encrypted session key to the server over the network. The session key can only be decrypted with the private key on the server side, so the client and the server establish a unique secure channel.
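The exchange described above, as an added example that is not part of the original article: the server presents its public key, the client encrypts a random session key to it, and only the private-key holder recovers it. The RSA here is textbook RSA over two small known primes, and the subject name, function names and the keystream "cipher" are assumptions made for illustration; none of it is suitable for real use.

```python
import hashlib
import hmac
import secrets

# Textbook RSA over two known Mersenne primes: illustration only (no padding,
# key far too small). A real server key pair belongs to its certificate.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never leaves the server


def server_certificate():
    """Server -> client: the certificate, reduced here to name + public key."""
    return {"subject": "www.example.test", "public_key": (N, E)}


def client_key_exchange(cert):
    """Client: random session key, encrypted with the server's public key."""
    n, e = cert["public_key"]
    session_key = secrets.token_bytes(16)
    wire_value = pow(int.from_bytes(session_key, "big"), e, n)
    return session_key, wire_value  # only wire_value crosses the network


def server_recover_key(wire_value):
    """Server: recover the session key with the private exponent D."""
    return pow(wire_value, D, N).to_bytes(16, "big")


def seal(key, plaintext):
    """Stand-in for the negotiated cipher: SHAKE-256 keystream XOR + HMAC tag."""
    stream = hashlib.shake_256(key).digest(len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    return body + hmac.new(key, body, hashlib.sha256).digest()


def unseal(key, record):
    """Verify the tag, then decrypt; a wrong key fails the tag check."""
    body, tag = record[:-32], record[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("record was not protected with this session key")
    stream = hashlib.shake_256(key).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))
```

An observer on the wire sees the certificate and `wire_value` but not `D`, so it cannot derive the key that `seal` and `unseal` share.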
Once the SSL security mechanism is established, only SSL-capable clients can communicate with the SSL-enabled website, and the URL must be entered with https:// instead of http://.
Simply put, the HTTP protocol we use by default has no encryption at all. All messages travel over the network in clear text, so a malicious attacker can install a listener and capture the communication between us and the server. This hazard is especially serious on some corporate intranets. An enterprise intranet built on hubs has no security at all, because anyone can watch other people's activity on the network from a single computer. The threat is much smaller on a switched network, but many security gaps remain. For example, if the switch's default user name and password have not been changed and a network interface is set up as a monitoring port, it is still possible to monitor all activity on the entire network.
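To make the difference visible from the defender's side, the following added example (not from the original article) classifies the first bytes of a TCP payload as clear-text HTTP or an SSL/TLS record and reports which account a clear-text Basic authentication header exposes. The sample payloads, host name and credentials are constructed for the example.

```python
import base64

# Constructed sample payloads (not captured from any real network).
HTTP_LOGIN = (
    b"GET /office/report.asp HTTP/1.1\r\n"
    b"Host: intranet.example\r\n"
    b"Authorization: Basic " + base64.b64encode(b"alice:Example-Pass1") + b"\r\n"
    b"\r\n"
)
TLS_RECORD = bytes([0x17, 0x03, 0x01, 0x00, 0x04]) + b"\x9c\x1f\x02\xe7"

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
# Record types: change_cipher_spec, alert, handshake, application_data
TLS_RECORD_TYPES = {20, 21, 22, 23}


def classify(payload: bytes):
    """Return (kind, exposed_user) for the start of a TCP payload."""
    # SSL 3.0 / TLS records start with: type (1 byte), major version 3, minor, length (2)
    if len(payload) >= 5 and payload[0] in TLS_RECORD_TYPES and payload[1] == 3:
        return ("ssl/tls record", None)
    if not payload.startswith(HTTP_METHODS):
        return ("unknown", None)
    head = payload.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() != b"authorization":
            continue
        scheme, _, token = value.strip().partition(b" ")
        if scheme.lower() == b"basic":
            # Basic auth is only base64 encoded, so the account is readable.
            try:
                decoded = base64.b64decode(token.strip(), validate=True)
            except ValueError:
                return ("cleartext http", "<malformed basic token>")
            return ("cleartext http", decoded.split(b":", 1)[0].decode("latin-1"))
    return ("cleartext http", None)
```

Run over a capture from a monitoring port, a result of `cleartext http` with a user name marks a site that still needs the SSL requirement described in this article.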
Fully encrypting the entire network transmission channel is therefore a good security measure. Unfortunately, there are not many articles online about configuring SSL for IIS, so I did some exploring of my own and am sharing that experience here.
Second, the procedure
Taking Windows 2000 Server as the example, we first need to use Add/Remove Windows Components in Control Panel to install Certificate Services. This service is not installed by default, and the installation CD is required to install it.
Since we are configuring this for the first time, choose to create a new certificate. Keep the default settings for the site name and the encryption bit length. After the certificate has been issued successfully, we will find it among the issued certificates. Double-click it to open its properties and, on the Details tab, choose Copy to File. We need to export the certificate to a file; here we export it to c:\sql.cer. Go back to the IIS web management interface and select the certificate request again. This time the screen that appears is for the pending certificate request.