Unit 39 Internet Server Management Assignment-Btechnd
TASK 4 (LO3: 3.3 and 3.4)
Configure your Web Server including the following technologies/services
To configure our website and web services and FTP sites we first create a virtual directory or FTP site in the IIS and this can be done with the visage of User Interface (UI) or by using the Appcmd.exe. We can choose any of the approach that we find comfortable to work with.
After creating a new virtual directory by using user interface (UI) and following its wizards or by using the command line utility we are ready to configure various settings for our website as noted below:
- Authorization of certificate
- Configuring various settings
- Hosting headers
- Browsing directories
In order to perform this, a virtual server needs to be created on IIS.
By default the directory browsing is disabled when we initially creates a new virtual directory, but if we want to enable directory browsing for our website we can change this setting simply by using the IIS Manager.
For this Start IIS Manager → connections pane → virtual directory that we want to unable the directory browsing for. Then in the center pane the featured view of the virtual directory double click the Directory Browsing icon or select it and hit Enter.
Choose ENABLE on the left hand portion of Alerts option in order to initiate directory browsing.
We can also specify information being displayed on the directory listing from here in the center pane.
Under the virtual directory there is an icon titled default document that we can use to configure the default documents for the virtual directory. For this first open IIS manager then select virtual directory from the connections pane that we want to edit the default documents settings. After selecting the virtual directory, choose Default Document option by double clicking on it in the center pane or select and press Enter to open default document list for the current virtual directory. On the page displayed we can add new default page for the virtual directory. We can remove a page from the default documents list of the virtual directory or we can move up or down the current specified default document list.
Configure SMTP e-mail for a Web application
We can use the following method by using UI (User interface) to configure the SMTP e-mail for a web-application running on IIS
Start the IIS Manager, in Connections pane select the web application that we want to configure the SMTP e-mail settings for. After that in the features view that is loaded in the centre of the IIS Manager User Interface. Double click the SMTP e-mail or select and press Enter to open the SMTP e-mail settings of the currently selected web application. On the SMTP view, type in email credentials of the one who is sending the message; it should be typed in the email address box. This can be concluded by opting for the most desired delivery option.There are a number of methods to do so. The quickest option to deliver messages at an instant is through the visage of delivering email to the SMTP server. If you select this option this will require a working SMTP server for which user have the credentials. Second we can choose other option provided that is Store e-mail in pickup directory. This can be used to store emails locally on a location on the disk for later delivery by any other application or an individual user such as administrator. After specifying all the required information click Apply in the Actions pane (Blondia, 2009).
Comprehensively Test the Web Server: Your testing should include documentation, eg test plan (test data, expected results, actual results); test results, vulnerability scanning and penetration testing.
|Testing Objective||Expected Result||Result|
|Test the connectivity of the server
|The server must not have any connectivity issues.||The server is running properly and have not connectivity issues.|
|Test the web server is online or not||The server should be online and be accessible to the users||The server is online and working fine as per the requirements|
|Test existing web can be accessed||The website hosted in the web server should be accessible||The website hosted in the web server is accessible|
|Testing internal server access||The website hosted should be access the internal server resources and have proper permissions||The website hosted can access server internal resources and have proper access to all internal resources on the server|
|Test access from external||The web should be accessible from external host||Feature is working perfectly fine|
|Test developers have the access||The developers should be able to access the resources available on the web server using other environment||The developers are able to access the resources available on the server from other development environment successfully|
Testing includes the various scenarios to test and be assured that there are no deviation in implementation and it is implemented as per expectations. The web server testing includes testing the functionally of the server and the feature and facility it is providing to the users or to the developers. It is to check for any vulnerability in the server, that the server is up and running and is not offline and is ready to accept the client request that can be a web Brower or any other ftp client.
Apart from the above mentioned objectives testing also includes access server via FTP client, and to upload and downloading files from server, start stop ftp service and restart ftp service.
First Start IIS Manager and double click the Server Certificates
Then Select ‘Create Certificate Request’ or use a ‘Self-Signed Certificate’ for testing purpose.
Enter a friendly name for the certificate request and hit OK.
Now we have a self-signed certificate that we can use for testing purpose.
Next step is to set the protocol for SSL for your website. Select your website in the IIS Manager > Action pane, select Bindings > Add Site Binding
Select the Type https and ‘SampleCert’ as SSL certificate and click OK
TASK 5 (LO4: 4.1, 4.2 and D2)
Discuss how you configured Websites and services
The <cgi> is not into the installation of IIS so we have to first install it if we want to use it. For this open control panel and then open add remove programs and then select turn off and on windows features. Expand the IIS and then expand World Web services, click Application Development features and then check CGI (Gizem, Aksahya & Ayese, Ozcan, 2009).
<cgi> element servers the settings about the default settings for the CGI in IIS. It is the application setting that the IIS will be using when invoking CGI processes. It is sometimes considered as legacy application environment and because of this others are used like ISAPI and FastCGI etc.
Configuring CGI setting for a site
First start Internet Information Services (IIS) Manager. For open Control Panel Click Administrative Tools, and then select Internet Information Services (IIS) Manager.
On the left hand side, in the Connections pane, click server name, click Sites, and then move to the Website that you want to configure. Then in the home pane click CGI.
After than the home pane will gets replaced by CGI pane, here we can configure the required settings of a CGI Service and after settings all the information click Apply in Actions pane to apply changes.
To enable in-process session state by using the UI
Run IIS Manager and go to the virtual directory that is to be managed by you. Features view > Double Click Session state
After that when the Session State page is open Click in process in the Session State Mode Setting area, optionally you can configure cookie settings in the Cookie Settings on the Session State page. We can enter time in the Time-out field in the format of hh:mm:ss, optionally we can Use hosing identity for impersonation check box to use the windows authentication for remote connections. After setting all the options click Apply in the Actions pane.
Managing Windows Security
Local Users and Groups can be used to limit the users and groups to perform actions by giving rights and permission to them. Basically a right is that we authorize a user to perform a certain action on a computer. In this case, a consent is linked to an object present in the computer (Wellman, 2001)
- The user’s folder display the list of users in the computer.
- The group’s folder display the list of groups in the computer, the default local group and the local group that we create.
- When we open computer management tool we will find a panel on left hand side with the name Local Users And Groups. This is the place where we see all the users and groups that is currently in the windows system.
- There are two folders: Users and Groups.
- Below is the users screenshot
- Below is the groups screen shot
- In order to bring amendment to permissions for specific files and folders, one needs to follow the below mentioned steps:
- Locate the folder that is the source for special permissions.
- Right-click the file or folder, select Properties, and then switch to the Security tab.
- Click Advanced, and then select user
- In the Permissions box, check uncheck allow deny checkbox.
- Click apply on to subfolders if you want to.
- Click OK.
Managing IIS Security
We can set authentication in IIS in four different ways. We can configure client or server certificates that uses SSL encryption for secure connections. By setting client certificates that allows the IIS to identify client based on personal information.
IIS uses server certificates to allow client positively the server based on information in server certificate. Each of the four different methods provides separate features, so we should always select an authentication type according to our needs. The methods available for authentication is as follows
Basic authentication: it is not secure because it send the password over the network in unencrypted clear text
Digest authentication for Windows domain servers: This sends the password in encrypted mode over the network using the hash values. Hence it is secured
Integrated Windows authentication: it involve NTLM authentication protocol
.NET Passport authentication: it uses the Microsoft service that is Microsoft .NET Passport to identify and verify users.
We can change how and who are granted access to web sites under IIS for global or for each web site that is being hosted in IIS. By default anonymous user access is enabled so users don’t need to enter username and password normally (Schubert & Ginsburg, 2000).
Run IIS Manager; right click on the web site > properties. Open Directory Security tab or the File Security tab. open Authentication and Access Control, click the Edit to open the Authentication Methods box. After selecting authentication methods, In order to save the settings, choose the OK option and again click OK in order to shut the window.
We can apply web server permissions locally or globally. Global Web server permissions are applied at the Web Sites (parent object) node level and these are inherited by all of the Web sites, virtual directories.Order Now