Tightening Security on Internet Information Services

Tightening Security on Internet Information Services
Although neither Windows XP Professional nor Windows 2000 Professional is intended for high-performance server applications, Internet Information Services can do quite well for a light-duty intranet or as a testing server on these systems. (IIS isn't supported on Windows XP Home Edition.) If you're not careful, however, installing IIS on a system can open security holes. Several powerful services are installed by IIS, and if they are not configured or maintained properly, they offer outsiders a way to gain access to and/or control files on the system.

To install IIS, go to Control Panel, Add Or Remove Programs, Add/Remove Windows Components, Internet Information Services. Click Details to select the components you want to install, as shown in Figure 17-9. In Windows 2000, the FTP and SMTP services are selected for installation by default. Whether you use Windows 2000 or Windows XP, however, if you do not need these services, the best security move is to clear the check boxes so they won't be installed. If you're not sure whether you need the services, you can install them now and then disable them until you need them.


Figure 17-9. When installing Internet Information Services, choose only the components you need. Few people need the FTP or SMTP service.