Securing Web Sites in IIS 6.0

Applies To: Windows Server 2003, Windows Server 2003 with SP1

To secure your Web sites, implement a defense-in-depth strategy that combines many different security measures. Use appropriate settings for authentication methods, Web site access control, IP address and domain name restrictions, and secure communications, including certificates and encryption. In addition, implement tools such as firewalls, and lock the rooms that contain hardware. You can use the Directory Security tab in the Web Site Properties dialog box to configure authentication, Web site access control, and IP address and domain name restrictions, and to enable secure communications. For a thorough discussion of IIS security, including how to configure security settings, see Managing a Secure IIS 6.0 Solution.

There are a number of considerations for configuring authentication and access-control settings for WebDAV-based remote publishing. These considerations are outlined in this section.