Setting up web server security in IIS 7.0
Internet Information Services (IIS) 7.0 is not automatically installed when you install Windows. You must decide whether to install it. This is a security precaution that can help protect your computer from web-based viruses and hackers.
For added security, after you install IIS, your web server will serve only HTML files and image files such as bitmaps. To help provide even more protection for your web server, you must use at least one of the following security measures:
Basic authentication determines who can access resources on a web server. This authentication method requires users to provide a valid user name and password to access content. For more information about Basic authentication, go to Configuring Authentication in IIS 7.0 on the Microsoft TechNet website.
Digest authentication uses a Windows domain controller to authenticate users who request access to content on your web server. When you need improved security over Basic authentication, consider using Digest authentication, especially if your environment contains firewalls and proxy servers. For more information about Digest authentication, go to Configuring Authentication in IIS 7.0 on the Microsoft TechNet website.
Windows authentication is best suited for an intranet environment. For more information about Windows authentication, go to Configuring Authentication in IIS 7.0 on the Microsoft TechNet website.
Client certificate mapping authentication
IIS client certificate mapping authentication
URL authorization allows you to create rules that authorize user access to the URLs that make up a web application. For more information about URL authorization, go to Configuring URL Authorization Rules in IIS 7.0 on the Microsoft TechNet website.
When you want to restrict the types of HTTP requests your server will process, you can configure IIS 7.0 to analyze specific criteria for each incoming request. For more information about request filtering, go to Filter HTTP Requests in IIS 7.0 on the Microsoft TechNet website.
Internet Protocol security
Internet Protocol security (IPsec) encrypts data that travels between two computers, thereby helping to protect it from modification and interpretation. For more information about IPsec, go to IPsec Concepts on the Microsoft TechNet website.