NT Server 4.0 Notes Intro Installing Environment System Policies File Systems Partitions Fault Tolerance Applications Networking Protocols Services RAS Internet NetWare Clients Replication Boot Process Troubleshooting

It is possible to integrate a corporate intranet with the Internet. Both can be supported by the same network system. Following security implications should be considered before attempting to integrate an intranet with the Internet.

• Maintain data that is downloaded to an intranet site separately from information distributed over the Internet.
• Usually, intranet sites are casual and informal, while Internet sites generally reflect the public image for the organization
• It may not be advisable to grant full intranet access to Internet users.

• Using these makes it possible to publish information or services (Web pages, interactive applications) and to post and track databases on the Web.

• They support the Internet Server Application Programming Interface (ISAPI). This is used to create interfaces that can be used for client/server applications.

IIS and PWS are network file and application servers that use:

1. HTTP; is used to create and navigate Web hypertext documents and applications
2. Gopher service is a hierarchical system used to create links to other computers or services, to put these links into custom menus, and to annotate files and directories.
3. FTP is used to transfer files between two computers on a TCP/IP network.

Key features that IIS and PWS provide for a computer running Windows NT  

• Windows NT Server computer with TCP/IP
• CD-ROM drive or LAN connection to server sharing installation files
• Adequate disk space for published information content. Using NTFS file and directory permissions to secure all of the disks used with IIS is recommended.
• Previous versions of FTP, Gopher or other Web services should be disabled.

Changes can be made to a current installation of IIS through the Internet Information Server Setup icon located in Microsoft Internet Server (Common) folder.

Can be installed when Windows NT Server is installed, or later using Network program or the Install Internet Information Server icon located on desktop.

• Windows NT Workstation 4.0 and TCP/IP
• the rest the requirements are the same as IIS. Install PWS through Network applet in Control Panel.

Changes can be made to a current installation of PWS through the Peer Web Services Setup icon located in Microsoft Peer Web Services Internet Server (Common) folder.

Use Microsoft Internet Service Manager (ISM) to:

• Enhance configuration a performance for both; located in both Common folders.
• Provides mechanism to configure and monitor the Internet services running on any computer running Windows NT in the network.

• Internet Service Manager List Box

ISM enables management of multiple servers from one computer. ISM default view, Report, lists the computers on the network and their installed services. Reports also provides following tasks:

1. Connect to servers and view server properties.
2. Start, stop, or pause a service.
3. Select which services should be displayed
4. Configure server properties

Properties

In ISM double-click a computer or service to display its properties. These components can be configured here:

User connections and user logon and authentication requirements

the home directory for each service

server activity tracking through the Logging tab
 

secured access by IP address and bandwidth for each service

Configuring Services

ISM can be used to configure following services:

• WWW services; set and show a default document when users don’t specify a particular file.
• Gopher service
• FTP service
• to add an annotation file to each directory to help describe the files in that directory.
• to enable FTP clients to be used to view files on Windows NT NTFS partitions in same format as a traditional UNIX FTP server, select UNIX on the Directory Listing Style tab. (check this out)

Securing Internet and Intranet sites

Allow Anonymous Access with the Internet Guest Account.

• On many Internet servers, access is anonymous; user name and password not required.

a Guest account, IUSR_computername, is created during IIS or PWS installation. This account is used when allowing anonymous connections.

Note: Internet Guest account is added to the Guest group. Changes to the Guest group user rights and resource permissions also apply to the Internet Guest account

 

Require a User Name and Password on WWW and FTP resources

There are two types of authentication available when requiring a user name and password:

1. Basic Authentication does not encrypt transmissions between client and server. Intruders could discover valid user name and passwords.
2. 
   Windows NT Challenge/Response authentication, supported by Microsoft Internet Explorer version 2.0 or later, protects the password; thereby, providing for secure logon over the network. User account obtained from client is the one with which the user logged on at the client.

Note: FTP server supports only basic authentication, so an FTP site is more secure if only anonymous connections are allowed.

Guidelines for Securing an Internet or Intranet Site:

• Don’t allow blank passwords.
• Require minimum password length.
• Require frequent password change.
• Use different passwords each time they must change.
• Lock out accounts after failed logon attempts.
• Require administrator to unlock locked accounts.
• Require users with restricted hours to be automatically disconnected

Top of page

Comments and suggestions? E-mail me at grantwilson21@yahoo.com I'm sorry, but I can't answer specific network-related, or exam-related questions.
Last Updated: August 6, 2001	Grant Wilson, Edmonton, AB Canada