CYA Securing IIS 6.0 [ILLUSTRATED] (Paperback)

~ Chris Peiris (Author), Bernard Cheah (Editor), Ken Schaefer (Editor)
Key Phrases: web application pool, configured anonymous user account, enrollment support component, Active Directory, Directory Security, Cancel Apply Help (more...)

Editorial Reviews

Product Description

A highly portable, easily digestible road-map to configuring, maintaining and troubleshooting essential IIS 6.0 features.The book is organized around the 15 "MMCs" (Microsoft Management Consoles) that contain the configuration menus for the essential features. The options within each menu are explained clearly, potential problems are identified up-front, and configurations are subsequently presented in the aptly named "By the Book" section for that MMC. Readers will also appreciate the "Reality Check" sidebars througout, which present valuable cost/benefit analyses of situations where there is no single "right" answer.

* A checklist for network engineers and administrators to make sure they have configured you network professionally and responsibily
* The information needed by networking professionals responsible for configuring, maintaining and troubleshooting Microsoft's Internet Information Server 6.0
* Cleeraly and concisly identifies those features of IIS that represent the highest risk factors for attacks

About the Author

Bernard Cheah (MCP+I, MCSE, MCDBA, CCSE) Microsoft Most Valuable Professional (MVP) specialized in IIS server. He is currently a contract Solution Consultant working on Internet solutions analysis, design and consultancy as well as implementation, primary focus includes online ecommerce system security and high availability features. He is currently pursuing his Master in Strategy Business IT at University of Portsmouth, UK.

Ken Schaefer hails from Sydney, Australia, where he is currently the Web Applications Developer for the University of New South Wales. Ken also has systems administration experience with WinNT 4/2000 server, SQL Server (6.5, 7, 2000), IIS (3, 4, 5) and MacOS (6+), as well as development experience with ASP, ASP.Net, ADO, ADO.Net, VB, SQL Server and Access. He was recently honored with a Microsoft MVP distinction in the Windows Server (IIS) category. Ken received a Bachelor's Degree in Commerce at the University of New South Wales, where he is currently pursuing a Master's Degree in Business Technology.

Chris Peiris (MVP, MIT, BComp, BBus (Accounting), PhD Candidate) works as an independent consultant for .NET and EAI implementations. His latest role is with the Commonwealth Bank of Australia. He also lectures on Distributed Component Architectures (.NET, J2EE & CORBA) at Monash University, Caulfield, Victoria, Australia. He has been awarded the title "Microsoft Most Valuable Professional" (MVP) for his contributions to .NET technologies by Microsoft, Redmond. Chris is designing and developing Microsoft solutions since 1995. His expertise lies in developing scalable, high-performance solutions for financial institutions, G2G, B2B and media groups. Chris has written many articles, reviews and columns for various online publications including 15Seconds, and Developer Exchange. He has co-authored several books on Microsoft technologies, including C# Web Services, C# for Java Programmers, MCSA/MCSE Managing and Maintaining a Windows Server 2003 Environment (Exam 70-290) and M! anaging and Maintaining a Windows Server 2003 Environment for an MCSA Certified on Windows 2000.

Product Details

• Paperback: 352 pages
• Publisher: Syngress; 1st edition (April 1, 2004)
• Language: English
• ISBN-10: 1931836256
• ISBN-13: 978-1931836258
• Product Dimensions: 9 x 5.8 x 1.1 inches
• Shipping Weight: 1.2 pounds (View shipping rates and policies)
• Average Customer Review: 3.4 out of 5 stars  See all reviews (5 customer reviews)
• Amazon.com Sales Rank: #1,016,378 in Books (See Bestsellers in Books)

Customer Reviews

Most Helpful Customer Reviews

6 of 7 people found the following review helpful:

5.0 out of 5 stars Know you're covered, October 3, 2004

By	ueberhund "ueberhund" (Salt Lake City, UT United States) - See all my reviews

Most people in the business world are likely familiar with the term "CYA", which is exactly what this book is designed to do. The authors intend that reading this book will give IIS administrators the information they need to keep their networks secure, and hence keep their jobs. This is the first CYA book I've read, and I was quite impressed by the nice balance between providing enough useful information without overkill. The book is designed to get right to the point by showing (not telling) exactly what is required in securing an IIS 6 installation.

Each chapter is focused on a specific section of IIS security. Chapters cover topics as varied as Basic IIS security, Advanced IIS security, monitoring, and general Server 2003 hardening. Each chapter contains the some information on the Microsoft recommended procedure for the particular practice (what the authors call "By the Book"). Additionally, you will find many sections throughout the book labeled "Realty Check", which is designed to highlight how to either do something different from what Microsoft recommends or what some of the problems associated with the recommended procedure might be. Finally, "Notes from the Underground" popup frequently, which help illustrate how hackers might utilize poor security around the illustrated practice in order to gain something.

I found the chapters to be well laid-out, easy to follow, and right to the point. This book helped provide some real insight to various security practices around IIS, and was quite interesting to read as well. This book is a must-have if you are responsible for monitoring or maintaining IIS 6 in your infrastructure.

I am definitely looking forward to reading the next in the series of CYA books!

3 of 4 people found the following review helpful:

5.0 out of 5 stars Excellent book!, August 11, 2004

By	BP "BP" (Sweden) - See all my reviews

Thank you guys for an excellent book! I have been developing applications for IIS for many years and think you have done a great job in explaining how it all works. I also very much like the "reality check" concept. Keep up the good work!

2.0 out of 5 stars Maybe it won't..., July 8, 2009

By	Jay P. Vansanten - See all my reviews (REAL NAME)

Amazon Verified Purchase

This book does cover security in IIS. But, the content largely repeats Microsoft documentation which is available at no cost elsewhere. The presentation consists largely of screen shots plus instructions of what fields to fill in. Background and design information is mentioned but generally not integrated into the text for any practical result. There is very little "system administrator" perspective offered to provide a coherent approach to addressing IIS security.

The check lists are a good idea. However, unfortunately, you'll often have to look outside the book itself for information about the topics: locking down Win 2003 is particularly eggregious in this respect.

You'll find little information about password technology in Windows. Approaching this correctly is critical for avoiding some serious vulnerabilities.

The value of the book is that it presents information relevant to IIS security in one place. However, other books present the same information more thoroughly, with better background and administration guidance. Check IIS 6 Administration or Microsoft® IIS 6.0 Administrator's Pocket Consultant (IT-Administrator's Pocket Consultant) for precisely that.