The Magic of SSL: Putting a Lock on IIS
Because NT systems are easy to maintain, more and more small and medium-sized businesses use them for their websites and internal office management systems, and many of them use the default IIS as the Web server. Admittedly, IIS has been the source of quite a few vulnerabilities that threaten NT systems, and it is foreseeable that many new vulnerabilities and security problems will still be discovered in IIS in the future. However, as long as we configure it sensibly, we can still avoid a great many security risks. This article does not systematically cover how to configure IIS securely in every respect; I only discuss how to strengthen IIS security by using SSL to encrypt the HTTP channel.
1. Establishing the SSL security mechanism
Besides anonymous access, Basic authentication and Windows NT Challenge/Response, IIS offers one more authentication method with higher security: digital certificates used through the SSL (Secure Sockets Layer) security mechanism. SSL sits between the HTTP layer and the TCP layer and establishes encrypted communication between the user and the server, ensuring the security of the information that is transmitted. SSL works on the basis of a public key and a private key: any user can obtain the public key and use it to encrypt data, but decrypting the data requires the corresponding private key. When the SSL security mechanism is used, the client and the server first establish a connection, and the server sends its digital certificate, together with its public key, to the client. The client randomly generates a session key, encrypts the session key with the public key obtained from the server, and transmits it over the network to the server. The session key can only be decrypted on the server side with the private key. In this way, the client and the server establish a unique secure channel.
Once the SSL security mechanism is in place, only SSL-enabled clients can communicate with SSL-enabled Web sites, and when entering the URL you must type https:// rather than http://.
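The key exchange described in this section can be traced step by step in the following added example, which is not part of the original article and is not real SSL. It assumes textbook RSA without padding, a constructed demo key pair built from two Mersenne primes, and a hypothetical SHA-256 keystream (`keystream_xor`) standing in for the record cipher; `wire` lists everything a listener on the network could capture.

```python
import hashlib
import secrets

# Constructed demo key pair from two Mersenne primes. Far too small and too
# structured for real use; real SSL uses certified keys and padded RSA.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537                    # public key, sent with the certificate
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, never leaves the server


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Hypothetical stand-in for the record cipher: SHA-256 in counter mode."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def handshake_and_send(request: bytes) -> dict:
    wire = []  # everything visible on the network, in order
    # 1. Server -> client: certificate carrying the public key (N, E).
    wire.append(("server", "public_key", (N, E)))
    # 2. Client: random session key, encrypted with the server's public key.
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), E, N)
    wire.append(("client", "encrypted_session_key", wrapped))
    # 3. Server: only the private key D recovers the session key.
    server_key = pow(wrapped, D, N).to_bytes(16, "big")
    # 4. Client -> server: request encrypted under the shared session key.
    ciphertext = keystream_xor(session_key, request)
    wire.append(("client", "record", ciphertext))
    return {
        "wire": wire,
        "client_key": session_key,
        "server_key": server_key,
        "server_plaintext": keystream_xor(server_key, ciphertext),
    }


if __name__ == "__main__":
    # Constructed sample request.
    result = handshake_and_send(b"POST /login HTTP/1.0\r\n\r\nuser=alice&pw=example")
    for sender, kind, value in result["wire"]:
        print(sender, kind, value.hex() if isinstance(value, bytes) else value)
    print("server decrypted:", result["server_plaintext"])
```

Neither the session key nor the request appears in `wire` in readable form, while the server still recovers both.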
Simply put, the HTTP protocol we use by default has no encryption whatsoever: all messages travel across the network entirely in plaintext, and a malicious attacker can obtain the content of the communication between us and the server by installing a sniffing program. This danger is especially great on the internal networks of some enterprises. An enterprise intranet built on hubs has simply no security to speak of, because anyone can watch other people's network activity from a single computer. On networks built with switching equipment the threat is much smaller, but security holes still turn up often. For example, if the default username and password of the switching equipment have not been changed, someone can log in, set their own network port as a monitoring port, and still monitor all activity on the entire network.
