How To Isolate Web Sites And Applications

By Author: unknownmem
Total Articles: 128
Comment this article

To isolate Web sites and applications, run MCSE 2003 exams(http://www.mcse-70-297.com)
in worker process isolation mode and specify that applications and Web sites hosted on the same server belong to separate application pools. Each application pool uses virtually mapped memory that is not available to other processes. Use file system ACLs to support isolation. You can also tighten security by providing isolation within the metabase. Administration of specific application pools can be restricted to the Web site author and administrator.
Manage Access to Files and Folders In addition to managing services, you must address these areas of Windows Server 2003: the file system location and the use of access control lists (ACLs) on files, folders, and registry keys. The following list sum-marizes several Web-specific issues:
Locating the Web server content on a dedicated disk separate from the operating system. Doing so can prevent directory traversal attacks. Directory traversal
attacks are attacks where an individual obtains access to a subdirectory and attempts to traverse the directory to gain access elsewhere. ...
... Thus, an attacker
might have access to a content folder and seek to gain access to a sensitive folder,such as an operating system folder that contains the Security Accounts Manager (SAM) database. It is much more difficult to move 70-297 Exam(http://www.mcse-70-297.com)
from one disk to another than it is to simply traverse the directory.
Removing permissions. Except for Administrators and SYSTEM Full Control, permissions on the root of the disk volume can be removed. (Removing SYSTEM Full
Control can cause problems with backup and defrag software.)
Using a top-level folder to contain all the subfolders that will contain Web sites and applications.
Providing a subfolder for each Web site and Web application.
Ensuring that anonymous accounts used for access to the Web sites do not have access elsewhere on the server.
Ensuring that Windows groups and accounts given permissions on Web pages do not have access elsewhere on the server.
Additional IIS services and components Do not install additional Web server components, such as the Network News Transfer Protocol (NNTP) service, unless there is a clear business need for the service and a security design has been prepared.
Knowledge Base article 324281 provides instructions on how to prevent relay by requiring authentication and then setting Relay Restrictions. Relay restrictions can be used to prevent relay from any computer or restrict relay to free practice tests(http://www.examshots.com)
specific groups of computers. Knowledge Base article 324285 provides further information on security options for SMTP.