W2K8 stand alone security
What is the bestsecurity practicefor stand alone (no domain) W2K8 IIS web servers:- use of security template- use of security configuration wizardAfter reading de 'Windows Server 2008 security guide' which assumes all the servers are part of a domain I'm not sure which way to go!Maarten
June 23rd, 2008 2:11pm

Hi Maarten, If you have a domain environment, it is better for us to make the IIS web server as a member of the domain, which is more secured. If the Windows Server 2008 web server is a stand alone server, you may use and apply security template and security configuration wizard to enhance the security of the Web server. For your convenience, I have list some documents for you. IIS 7.0: Configure Web Server Securityhttp://technet2.microsoft.com/windowsserver2008/en/library/939d621e-c023-48f8-9503-47f24a6be7211033.mspx Chapter 6: Hardening Web Serviceshttp://technet.microsoft.com/en-us/library/cc264459.aspx HOW TO: Use and Apply the IIS Secure Internet Web Server and Secure Intranet Web Server Security Configuration Templates in Windows 2000http://support.microsoft.com/kb/317376/en-us Security Configuration Wizard Documentationhttp://www.microsoft.com/downloads/details.aspx?FamilyID=903fd496-9eb9-4a45-aa00-3f2f20fd6171&displaylang=en Deployment Guide for the Security Configuration Wizardhttp://technet2.microsoft.com/windowsserver/en/library/5254f8cd-143e-4559-a299-9c723b3669461033.mspx?mfr=true IIS 6.0 Security Best Practiceshttp://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/596cdf5a-c852-4b79-b55a-708e5283ced5.mspx?mfr=true Best Practices to Improve IIS 6.0 Scalabilityhttp://www.microsoft.com/technet/serviceproviders/apps1_5/CMSU_WH_Plan_CONC_Best_Practices_to_Improve_IIS6_Scalability.mspx?mfr=true Hope it helps.Your potential. Our passion.
Free Windows Admin Tool Kit Click here and download it now
June 24th, 2008 10:27am

Hi David,Thanks for all the info.We will be running8 IIS 7.0 2008 web servers at a datacenter. Using IIS ina domain would mean creating a single point of failure being the domaincontroller, oke this could be fixed by adding a extra domaincontroller.A domain setupwouldthenmeanextra costs of hardware and licences.For manageability I do seethat using a centralized domain GPO is an advantage. Could you please explain why running a IIS web server as a member of a domainwould be more secure than running stand alone? I hope I can achieve the same security level with a template (whichshould do what a domain GPO would do).Thanks,Maarten
June 24th, 2008 11:43am

Hi Maarten, As a member server of a domain, we may enable IPsec nigotiation between the server and the domain clients, which is more securable since the traffic will be encryted by IPSec. Especially if you want to secure the network communication between the web server and the clients, you can use certificate to enable HTTPS (SSL) for the web services. We can also use Windows Integrated authentication which is more secure than basic authentication in stand alone server, and it functions well in an intranet environment where users have Windows domain accounts. Please refer to: HOW TO: Configure Internet Information Services Web Authentication in Windows Server 2003http://support.microsoft.com/kb/324276/en-us For guidance on how to secure the Web Server role, you may refer to (Chapter 6: Hardening Web Services) in the following document: Windows Server 2008 Security Guidehttp://www.microsoft.com/downloads/details.aspx?FamilyID=fb8b981f-227c-4af6-a44b-b115696a80ac&displaylang=en Hope it helps.Your potential. Our passion.
Free Windows Admin Tool Kit Click here and download it now
June 25th, 2008 11:52am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics