Networking / Beginners

Managing Access Control

Many Web servers, such as IIS on Windows OSes, use a named user account to authenticate anonymous Web visitors (by default, this account on IIS servers is called IUSER_<computername>). When a Web visitor accesses a Web site using this methodology, the Web server automatically logs that user on as the IIS user account.The visiting user remains anonymous, but the host server platform uses the IIS user account to control access.This account grants system administrators granular access control on a Web server so that all anonymous users have the same level of access, whereas users accessing the services through their own user accounts can have different levels of access.

These specialized Web user accounts (for anonymous users) must have their access restricted so they cannot log on locally nor access anything outside the Web root. Additionally, administrators should be very careful about granting these accounts the ability to write to files or execute programs; this should be done only when absolutely necessary. If other named user accounts are allowed to log on over the Web (to give certain users a higher level of access than the anonymous account has), it is essential that these accounts not be the same user accounts employed to log onto the internal network. In other words, if employees log on via the Web using their own credentials instead of the anonymous Web user account, administrators should create special accounts for those employees to use just for Web logon. Authorizations over the Internet should always be considered insecure unless strong encryption mechanisms are in place to protect them. Secure Sockets Layer (SSL) can be used to protect Web traffic; however, the protection it offers is not significant enough to protect internal accounts that are exposed on the Internet.

[Previous] [Contents] [Next]