IIS / Web Services Security threats
- From: "Magdelin" <magdelinsuja@xxxxxxxxxxxxxxxxx>
- Date: Mon, 4 Apr 2005 15:27:01 -0700
Hi,
My security team thinks allowing communication between the two IIS instances
leads to severe security risks. Basically, we want to put our presentation
tier on the perimeter network and the business tier inside the firewall or
internal network. The biz tier will be developed and deployed as web services
on IIS.
I know Microsoft recommends this architecture but I am not able to convince
my security team. They say IIS is vulnerable to viruses and worms even though
the communication between the web and app servers is secure with a
firewall/SSL/IPSec. Even though we will open specific ports for accessing the
web services, is it true that IIS is not a secure environment to access it
from the perimeter network?
If my security team is right, I wonder what would be the alternative to IIS.
If they are not, how should we protect our network while allowing web service
to run on IIS.
I have read all security related recommendations published by Microsoft but
no luck with my security team yet. Esp. the entire document from patterns &
practices:
Improving Web Application Security - Threats and Countermeasures
How are secure .NET enterprise applications developed and hosted in IIS? Are
there any companies out there which use this MS recommended architecture and
yet have a secure network?
Thanks,
Magdelin