Because the day-to-day operations of your organization depend on the mission-critical applications that are running on Internet Information Services (IIS) 6.0 Web servers, your Web sites and applications need the highest possible security. When you install IIS 6.0, it is installed in a highly secure and locked configuration. Depending on your Web sites and applications, you might need to configure IIS to be less restrictive so that your Web sites and applications can operate correctly. Your Web sites and applications might also need increased security configuration to authenticate users or to restrict the Web sites, applications, and data that can be accessed by users.

Overview of the Securing Web Sites and Applications Process

Reducing the Attack Surface of the Web Server

Preventing Unauthorized Access to Web Sites and Applications

Isolating Web Sites and Applications

Configuring User Authentication

Encrypting Confidential Data Exchanged with Clients

Maintaining Web Site and Application Security