Windows Server 2012 : Securing IIS 8 (part 2) - Auditing Web Services, Using SSL Certificates

12/18/2013 1:51:49 AM

3. Auditing Web Services

Windows Server 2012 auditing can be applied to web and FTP sites to document attempts (successful and unsuccessful) to log on, gain unauthorized access to service accounts, modify or delete files, and execute restricted commands. These events can be viewed through Event Viewer. It’s also important to monitor IIS logs in conjunction with audited events to determine how, when, and if external users are trying to gain unauthorized access.
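Reading IIS logs alongside audited events is easier once the log lines are objects. The following PowerShell is an added example, not part of the original article: it parses W3C-format IIS log lines and lists client addresses with repeated 401/403 responses. The sample lines, the threshold, and the `$start` variable in the closing comment are constructed for illustration.

```powershell
# Constructed sample in IIS W3C extended format (not real traffic).
# On a server, use Get-Content on a file under %SystemDrive%\inetpub\logs\LogFiles.
$sampleLog = @'
#Software: Microsoft Internet Information Services 8.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status sc-substatus
2013-12-18 01:40:01 203.0.113.7 - GET /admin/ 401 2
2013-12-18 01:40:02 203.0.113.7 - GET /admin/ 401 2
2013-12-18 01:40:03 203.0.113.7 - GET /admin/ 401 1
2013-12-18 01:40:09 198.51.100.4 COMPANYABC\jsmith GET /default.aspx 200 0
2013-12-18 01:41:15 203.0.113.7 - POST /admin/login.aspx 403 4
'@ -split "`r?`n"

function ConvertFrom-IisLog {
    param([string[]]$Line)
    $fields = @()
    foreach ($l in $Line) {
        if ($l -like '#Fields:*') {
            # The header names the columns and can change mid-file.
            $fields = ($l -replace '^#Fields:\s*', '') -split '\s+'
        } elseif ($l -and $l -notlike '#*' -and $fields.Count -gt 0) {
            $values = $l -split ' '
            if ($values.Count -ne $fields.Count) { continue }  # skip truncated rows
            $row = [ordered]@{}
            for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
            [pscustomobject]$row
        }
    }
}

function Get-DeniedRequestSummary {
    param([object[]]$Entry, [int]$Threshold = 3)
    $Entry | Where-Object { $_.'sc-status' -in '401', '403' } |
        Group-Object -Property 'c-ip' |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                ClientIp  = $_.Name
                Denied    = $_.Count
                FirstSeen = "$($first.date) $($first.time) UTC"  # IIS logs in UTC by default
                Paths     = ($_.Group | ForEach-Object { $_.'cs-uri-stem' } | Sort-Object -Unique) -join ', '
            }
        }
}

Get-DeniedRequestSummary -Entry (ConvertFrom-IisLog -Line $sampleLog)
# To line these up with audited failed logons (Security event 4625), with $start set
# to the FirstSeen time converted to local time:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $start }
```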

4. Using SSL Certificates

Secure Sockets Layer (SSL) encryption preserves the integrity and confidentiality of users and content, so that communications between a client and the web server that contain sensitive data, such as passwords or credit card information, are protected. SSL is based on the public key infrastructure (PKI, X.509) security standards, which protect communication by encrypting data before it is transmitted.

Earlier versions of IIS supported SSL, and IIS 8 is no different. IIS 8, however, introduces significant improvements to the use of SSL for securing websites, especially when it comes to scalability.

The use of certificates with IIS can serve three primary purposes, although they are typically used to encrypt connections:

SSL server authentication—This allows a client to validate a server’s identity. SSL-enabled client software can use a PKI to check whether a server’s certificate is valid and has been issued by a trusted certificate authority (CA).

Client authentication—This allows a server to validate a client’s identity. IIS can validate that a client’s certificate is valid as well as check whether the certificate is from a trusted CA.

Encrypting SSL connections—The most common reason for deploying certificates is SSL-based encryption of all traffic for a given website or virtual directory. This provides a high degree of confidentiality and security.

From an IIS perspective, SSL can be applied to an entire website, directories, or specific files within the website. SSL configuration can be done through IIS Manager.

Using certificates and SSL involves three high-level steps. The first step is to obtain a certificate. The second step is to create an HTTPS binding for the specific site that needs to be encrypted. The final step is to configure SSL settings for a site, application, or physical directory.

To use SSL on a website, a certificate must first be requested and then installed. The request can be created to obtain a certificate either from an external, trusted CA or from an internal PKI. The types of server requests available in Internet Information Services include the following:

Create certificate request—This option is typically used for creating a certificate request, which will be submitted to a trusted CA. The certificate’s distinguished name properties, cryptographic service provider, and bit-length information are entered into a file and then submitted to a public CA for approval.


Tip

When creating the certificate request to a public CA, it is recommended to use 2048 (the default) or higher as the bit length. Keep in mind that higher bit lengths provide stronger security; however, a greater length can decrease performance.


Create domain certificate request—A domain certificate request is used when providing a request to an internal certificate authority. Typically, the internal certificate authority would be an enterprise certificate authority associated with the company’s Active Directory domain. This approach reduces the cost of purchasing third-party certificates and also simplifies the certificate deployment.

Create Self-Signed Certificate Request—The final option available when creating a certificate request is to use a self-signed certificate. This method is usually only used for maintaining certificates for a testing environment because the certificates are not from a trusted CA.

This example illustrates the procedures to create a domain-based certificate request. To complete this task, this example requires an internal CA running within your domain.

To create a domain-based certificate request, follow these steps:

1. Launch IIS Manager.

2. In the Connections pane, highlight the IIS server that will request an Internet Server Certificate.

3. In the Feature view, double-click the Server Certificates element.

4. In the Actions pane, select Create Domain Certificate Request.

5. On the Distinguished Name Properties page, specify the required information for the certificate, as displayed in Figure 2. The common name is typically the fully qualified domain name (FQDN) of the URL users will use to connect to the website (for example, www.companyabc.com). Click Next to continue.

Figure 2. Creating a domain-based certificate request.

6. Because this is a domain-based certificate request, the next page presented is the Online Certificate Authority. Specify the online certificate authority that will accept the request by selecting the CA from a list. In addition, a friendly name is also required. Click Finish to finalize the request.

When this process has been completed, either the administrator of the CA must approve the request or it can be automatically approved based on the auto-enrollment feature of the domain-based CA. The CA in this example automatically fulfilled the request; therefore, the certificate resides on the Server Certificates page and can be viewed by selecting it and clicking View Task in the Actions pane. If auto-enrollment is not available, the certificate is installed after an administrator approves the request on the CA.

Once the certificate is installed, the next step in the process is to bind the Internet server certificate for the desired website and enable SSL. To do this, follow these steps:

1. Open IIS Manager and select the website for which the certificate will be used.

2. In the Actions pane, select Bindings to launch the Site Bindings configuration page.

3. In the Site Bindings dialog box, click Add.

4. In the Add Site Binding dialog box, select the HTTPS option from the Type drop-down menu, assign an IP address, and verify the port is 443, as shown in Figure 3.

Figure 3. Adding SSL site binding.

5. Select a certificate, such as the one that was created in the preceding section. You can view the certificate selected by clicking the View button. Click OK to return to the Site Bindings dialog box.

6. Click Close in the Site Bindings dialog box to finalize the binding process.

The final process when configuring a site to utilize SSL is to configure the SSL settings for the site, application, physical directory, or virtual directory. To configure SSL settings on the default website, follow these steps:

1. In IIS Manager, navigate to the Default Web Site.

2. Double-click the SSL Settings icon in Features view.

3. On the SSL Settings page, enable the Require SSL option. Alternatively, select the Require 128-bit SSL option to force 128-bit encryption.

4. The final setting is to configure whether to accept, ignore, or require client certificates. Choose the appropriate Client Certificates option, and click Apply in the Actions pane to save the changes, as shown in Figure 4.

Figure 4. Configuring properties on the SSL Settings feature page.
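The binding and SSL Settings steps above can also be scripted and then read back for verification. The following PowerShell is an added example, not part of the original article, and uses the WebAdministration module that ships with IIS. It assumes a certificate for www.companyabc.com is already installed in the local machine store, uses an RSA key, and is bound to all IP addresses on port 443.

```powershell
# Added example: run in an elevated session on the IIS 8 server.
Import-Module WebAdministration

$site     = 'Default Web Site'     # site used in the steps above
$hostName = 'www.companyabc.com'   # common name from the request example

# Pick the newest unexpired certificate with a private key issued for the host name.
$cnPattern = 'CN=' + [regex]::Escape($hostName) + '(,|$)'
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match $cnPattern -and $_.HasPrivateKey -and
                   $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No valid certificate for $hostName in LocalMachine\My" }

# Enforce the bit-length guidance from the Tip before binding (RSA keys).
$bits = $cert.PublicKey.Key.KeySize
if ($bits -lt 2048) { throw "Key is $bits bits; reissue with 2048 or higher" }

# Equivalent of Bindings > Add > https on port 443.
if (-not (Get-WebBinding -Name $site -Protocol https -Port 443)) {
    New-WebBinding -Name $site -Protocol https -Port 443 -IPAddress '*'
}
# Attach the certificate to the 0.0.0.0:443 listener.
if (-not (Test-Path 'IIS:\SslBindings\0.0.0.0!443')) {
    $cert | New-Item 'IIS:\SslBindings\0.0.0.0!443' | Out-Null
}

# Equivalent of SSL Settings > Require SSL with 128-bit encryption.
# Omitting SslNegotiateCert/SslRequireCert corresponds to ignoring client certificates.
$access = @{
    PSPath   = 'MACHINE/WEBROOT/APPHOST'
    Location = $site
    Filter   = 'system.webServer/security/access'
    Name     = 'sslFlags'
}
Set-WebConfigurationProperty @access -Value 'Ssl,Ssl128'

# Read the settings back so the result can be reviewed or logged.
[pscustomobject]@{
    Site       = $site
    Binding    = (Get-WebBinding -Name $site -Protocol https).bindingInformation
    SslFlags   = Get-WebConfigurationProperty @access
    Thumbprint = $cert.Thumbprint
    Expires    = $cert.NotAfter
}
```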

 