Secure Web Sites and Communications

The Web site and the browser have become tools for information exchange both on organizations' intranets and on the Internet. While all this information is being moved, standard Web protocols such as HyperText Transfer Protocol (HTTP) provide only limited security. You can configure most Web servers to provide directory- and file-level security based on usernames and passwords, or you can provide Web security by programming solutions using the Common Gateway Interface (CGI) or Active Server Pages (ASP). These approaches work, but they are not strong solutions: they have proven to be susceptible to compromise on more than one occasion.

Alternatively, you can use Internet Information Services (IIS), which is included with Windows 2000 Server. IIS gives you the ability to provide a certain level of security for Web sites and communications using standards-based secure communications protocols and standard X.509 certificates. You can use IIS to provide the following security for Web sites and communications:

■ By using the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, you can authenticate users and establish secure channels for confidential communications.

■ If you need secure channels for confidential encrypted financial transactions, you can use the Server Gated Cryptography (SGC) protocol.

■ You can map user certificates to network user accounts to authenticate users and to control user rights and permissions for Web resources, based on users' possession of valid certificates issued by a trusted certification authority.

