IIS Flashcards
IIS defined
Internet Information Services (IIS) for Windows® Server is a flexible, secure and manageable Web server for hosting anything on the Web. From media streaming to web applications, IIS’s scalable and open architecture is ready to handle the most demanding tasks.
Centralized Web Farm Management
Deploy and manage Web sites and applications across large farms of Web servers from a central place.
Scalable Web Infrastructure
Dynamically scale web farm capacity with HTTP-based load balancing and intelligent request routing.
Enhanced Server Protection
Maximize web server security through reduced server footprint and automatic application isolation.
Minimize Web Server Footprint
Administrators can depend on IIS 7.0 for more secure hosting of Web applications. IIS 7.0 has been redesigned from the ground up to incorporate a modular architecture that enables administrators to customize their Web servers by selectively installing or removing modules. Administrators can install only the features that address the needs of the business while eliminating the server performance reductions and security risks that come with running unused server functionality. Administrators can easily minimize the attack and servicing surface, as well as shrink the process memory footprint. Only the modules required to run IIS as a static image server are installed by default in IIS 7.0. The default installation allows the IT administrator to start from the most secure base, adding on modules only as needed by the applications and services hosted on the Web server.
Windows Server Core Support
To further limit security exposure, administrators can choose to install a minimal environment with the Server Core installation option of Windows Server 2008. Server Core omits graphical services and most libraries, in favor of a stripped-down, command-line driven system. Server Core can be administered locally via the IIS command-line utility AppCmd, or remotely by using WMI. Because Server Core has a select number of roles, it can improve security and reduce the footprint of the operating system. With fewer files installed and running on the server, there are fewer attack vectors exposed to the network; therefore, there is less of an attack surface. Administrators can install just the specific services needed for a given server, keeping the exposure risk to an absolute minimum.
Automatic Web site isolation
IIS 7.0 offers greater application isolation by giving worker processes a completely unique identity and sandboxed configuration by default, further reducing security risks. IIS 7.0 includes automatic application pool isolation and can sandbox thousands of Web sites on a single server. This allows each Web site to run in its own memory space with an automatically generated, unique identity, which helps to ensure applications are not affected by other failures or security breaches of applications running on the same server. This capability enables organizations to consolidate more Web sites onto fewer servers, and increases security and reliability for all Web sites running on a shared host.
Secure Content Publishing
IIS7 makes publishing Web content more secure with built-in support for standards-based publishing protocols.
Secure Content Publishing - FTP
The FTP Publishing Service for IIS 7.0 allows Web content creators to publish content more easily and securely to IIS 7.0 Web servers using modern Internet publishing standards. FTP7 enables secure publishing of content using FTP over SSL (FTPS), with support for Internet standards such as UTF8 and IPv6. New management tools, built into IIS Manager, allow users to enable FTP for an existing Web site, instead of creating separate FTP and Web sites to host the same content. FTP for IIS 7.0 also allows hosting multiple FTP sites on the same IP address through virtual host name support. FTP for IIS 7.0 removes the need to create Windows user accounts on the server to enable FTP publishing by allowing authentication using IIS Manager User accounts and .NET Membership. It also provides enhanced logging that records all FTP traffic to help track FTP activity and diagnose potential issues.
WebDAV
Web Distributed Authoring and Versioning (WebDAV) is an extension of the Hypertext Transfer Protocol (HTTP) that allows clients to perform remote Web content authoring operations. WebDAV is defined in RFC 4918 by a working group of the Internet Engineering Task Force.
The WebDAV protocol provides a framework for users to create, change and move documents on a server. The most important features of the WebDAV protocol include the maintenance of properties about an author or modification date, namespace management, collections, and overwrite protection. Maintenance of properties includes such things as the creation, removal, and querying of file information. Namespace management deals with the ability to copy and move web pages within a server’s namespace. Collections deal with the creation, removal, and listing of various resources. Lastly, overwrite protection handles aspects related to locking of files.
Secure Content Publishing - WebDAV
The WebDAV Extension for IIS 7.0 is a new module written specifically for Windows Server 2008 that enables Web authors to publish content more easily and securely than before, and offers Web administrators and hosters better integration, configuration and authorization features.
WebDAV
WebDAV for IIS 7.0 integrates seamlessly with the new IIS 7.0 Manager console and allows more secure publishing of content using HTTP over SSL. WebDAV for IIS 7.0 can be enabled at the site level, unlike in IIS 6.0, which enabled WebDAV at the server level through a Web Service Extension. WebDAV for IIS 7.0 supports per-URL authoring rules, allowing administrators to specify custom WebDAV security settings on a per-URL basis with one set of security settings for normal HTTP requests and a separate set of security settings for WebDAV authoring. WebDAV conforms to the HTTP Extensions for Distributed Authoring standard.
Access Protection
Safeguard your Web server from malicious requests and unauthorized access with new URL authorization rules and built-in request filtering.
IIS 7.0 provides a secure, reliable platform for Web application and services hosting. New support for URL authorization and request filtering rules gives administrators fine-grained control over access to site content.
Access Protection - URL Rewriting
Administrators can also use URL Rewriter for IIS 7.0, which enables dynamic modification of URLs based on rules defined by the site administrator, to protect applications on the Web server. For example, rules can be created which prevent other sites from ‘hot-linking’ to a Web site’s images or video content, thereby stealing content from the server and wasting bandwidth. Using rule templates, rewrite maps and other functionality integrated into IIS Manager, administrators can easily set up rules to define URL rewriting behavior based on HTTP headers and server variables.
HTTP Strict Transport Security (HSTS)
IIS 10.0 Version 1709 is the latest version of Internet Information Services (IIS)
HTTP Strict Transport Security (HSTS), specified in RFC 6797, allows a website to declare itself as a secure host and to inform browsers that it should be contacted only through HTTPS connections. IIS 10.0 Version 1709 introduces turn-key support for enabling HSTS without the need for error-prone URL rewrite rules.
Container Enhancements
IIS 10.0 Version 1709 is the latest version of Internet Information Services (IIS)
IIS 10.0 Version 1709 introduces improvements that allow you to run the IIS worker process (w3wp.exe) directly, as well as changes to the Central Certificate Provider (CCS) that make it more amenable to running in containers.