Home > Sample chapters

Managing Web Server Security in Windows Server 2008 R2

In this chapter from MCTS Self-Paced Training Kit (Exam 70-643): Configuring Windows Server 2008 Applications Infrastructure, 2nd Edition, you learn how to configure security for a Windows Server 2008 R2 web server.

From a systems administration standpoint, one of the main goals for managing web servers is to maintain a high standard of security. Security is an important concern in all areas of IT, but it’s especially important for information and applications that are readily accessible to large numbers of users. In this chapter, you learn how to configure security for a Windows Server 2008 R2 web server.

Lesson 1, "Configuring IIS Security", focuses on securing access to Internet Information Services 7 (IIS 7) and the content it contains. You learn how to configure permissions for remote management and how to increase the security of the server by disabling or removing unneeded features and options. In Lesson 2, "Controlling Access to Web Services," you learn about ways in which you use authentication and authorization. You also learn how to increase security through server certificates and IP address restrictions.

Exam objectives in this chapter:

  • Configure Web applications.

  • Manage Web sites.

  • Manage the Web Server (IIS) role.

  • Configure SSL security.

  • Configure Web site authentication and permissions.

Lessons in this chapter:

  • Lesson 1: Configuring IIS Security

  • Lesson 2: Controlling Access to Web Services

Before You Begin

To complete the lessons in this chapter, you should have:

  • Installed the Web Server (IIS) server role on Server2.contoso.local by using the default installation options for this server role. If you have created additional websites or web applications in previous exercises, you may leave them configured on this server.

  • The ability to create and manage websites and web applications. These topics are covered in Chapter 5, "Installing and Configuring Web Applications".