If I only publish the SSL site to Internet and prevent anonymous acces and activate basic authentification, is that enough? (Server2019)
HTTPS + Basic authentication can only solve part of the security challenge, but they are far from enough.
You still need much more measures (especially related to the site itself, like web framework/code) in order to achieve better security.
Hire a security consultant so that he/she can help you out.
Lex Li
Want to have a chat on the issues you meet? Find me at https://booktime.xyz/p/lextm
---------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.
1 Post
is IIS password authentification secure?
Mar 30, 2021 11:22 AM|icram|LINK
Hi everybody,
I need to publish a company website for our workers.
I am somehow extremely over-cautious ( also because of Exchange ProxyLogon issue).
If I only publish the SSL site to Internet and prevent anonymous acces and activate basic authentification, is that enough? (Server2019)
I am worried about someone loging in without any credentials, like with the Hafnium/ProxyLogon Exploit.
Greetings
icram
9004 Posts
MVP
Re: is IIS password authentification secure?
Mar 30, 2021 07:23 PM|lextm|LINK
HTTPS + Basic authentication can only solve part of the security challenge, but they are far from enough.
You still need much more measures (especially related to the site itself, like web framework/code) in order to achieve better security.
Hire a security consultant so that he/she can help you out.
Want to have a chat on the issues you meet? Find me at https://booktime.xyz/p/lextm
---------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.