Security/Certificate Server

Authentication

WWW Service can use three types of authentication:

• Anonymous: Username and password are not required;
• Basic Authentication: Username and password not encrypted;
• Windows Challenge/Response: Both username and password encrypted.

SSL

You will need multiple security certificates when you host multiple virtual servers or when you have multiple virtual directories from several servers.

Know that another type of authentication is to use client certificates mapped to a NT account.

SSL use additional CPU workload, so use it only when necessary.

If you would like to setup a secure web site, you will need SSL certificate from companies like Verisign but if it is just a private web site, an SSL certificate from MS Certificate Server is enough.

With SSL, you will be able to encrypt the data transmitted from your web site hosted in your IIS 4 computer to all users accessing your site over the Internet. you will need an SSL capable browser (IE 2 and above) on the client to access the site. The user will need to type https:// instead of http:// as the URL.

Performance

To get the most performance out of your IIS server, only enable SSL when required. This is because SSL is CPU-intensive.

Wednesday, December 03, 2003