Each Web site and application in IIS 6.0 and Windows Server 2003 is stored as a grouping of folders and files. Unauthorized access to, or modification of, these files and folders can present a serious breach of security. You must ensure that only authorized users can access or modify the Web sites and applications that are hosted on your Web server.

To help prevent unauthorized access to Web sites and applications on your Web server, use any combination of the steps illustrated in Figure 3.3. Based on the security requirements of your organization, you might perform a subset of the steps or all of the steps.

Figure 3.3   Preventing Unauthorized Access to Web Sites and Applications